Allow path-bound builtins on restricted shells

If a system administrator prefixes /opt/ast/bin to the path and
then invokes the shell in restricted mode, they clearly intend for
the user to run those AST utilities.

Similarly, if a system administrator sets a PATH for a restricted
shell that includes libraries listed in the .paths file, they must
have intended for the user to use those loadable built-ins, as they
will be associated with the pathnames of their respective
libraries. Since the user cannot change PATH or use the builtin
command, they still cannot load just any built-in they choose.

src/cmd/ksh93/sh/path.c:
- Remove SH_RESTRICTED check when handling path-bound builtins
  or dynamic libaries containining builtins in $PATH.

src/cmd/ksh93/tests/builtins.sh:
- Add test verifying a restricted user can use /opt/ast/bin/cat
  via a PATH search.

Progresses: https://github.com/ksh93/ksh/issues/138

NEWS

@@ -3,6 +3,11 @@ For full details, see the git log at: https://github.com/ksh93/ksh
 
 Any uppercase BUG_* names are modernish shell bug IDs.
 
+2021-04-08:
+
+- Path-bound builtins will now be used by restricted shells if /opt/ast/bin
+  is in the $PATH upon invoking the shell or before setting it to restricted.
+
 2021-04-07:
 
 - The $LC_TIME variable is now recognized by ksh and if set to an invalid

src/cmd/ksh93/include/version.h

@@ -20,7 +20,7 @@
 
 #define SH_RELEASE_FORK	"93u+m"		/* only change if you develop a new ksh93 fork */
 #define SH_RELEASE_SVER	"1.0.0-alpha"	/* semantic version number: https://semver.org */
-#define SH_RELEASE_DATE	"2021-04-07"	/* must be in this format for $((.sh.version)) */
+#define SH_RELEASE_DATE	"2021-04-08"	/* must be in this format for $((.sh.version)) */
 #define SH_RELEASE_CPYR	"(c) 2020-2021 Contributors to ksh " SH_RELEASE_FORK
 
 /* Scripts sometimes field-split ${.sh.version}, so don't change amount of whitespace. */

src/cmd/ksh93/sh/path.c

@@ -781,15 +781,17 @@ Pathcomp_t *path_absolute(Shell_t *shp,register const char *name, Pathcomp_t *pp
 			return(0);
 		}
 		isfun = (oldpp->flags&PATH_FPATH);
-		if(!isfun && !sh_isoption(SH_RESTRICTED))
+		if(!isfun)
 		{
 #if SHOPT_DYNAMIC
 			Shbltin_f addr;
 			int n;
 #endif
+			/* Handle default path-bound builtins */
 			if(*stakptr(PATH_OFFSET)=='/' && nv_search(stakptr(PATH_OFFSET),shp->bltin_tree,0))
 				return(oldpp);
 #if SHOPT_DYNAMIC
+			/* Load builtins from dynamic libraries */
 			n = staktell();
 			stakputs("b_");
 			stakputs(name);

src/cmd/ksh93/tests/builtins.sh

@@ -1156,5 +1156,17 @@ got=$(ulimit -t unlimited; uname -d > /dev/null; uname -o)
 [[ $exp == $got ]] || err_exit "'uname -d' changes the output of 'uname -o'" \
 	"(expected $(printf %q "$exp"), got $(printf %q "$got"))"
 
+# ======
+# Default path-bound builtins should be available to restricted shells if they are in $PATH on invocation
+# https://github.com/ksh93/ksh/issues/138#issuecomment-813886069
+builtin -d cat
+if	[[ $'\n'${ builtin; }$'\n' == *$'\n/opt/ast/bin/cat\n'* ]]
+then	exp='  version         cat (*) ????-??-??'
+	got=$(PATH=/opt/ast/bin:$PATH "$SHELL" -o restricted -c 'cat --version' 2>&1)
+	[[ $got == $exp ]] || err_exit "restricted shells do not recognize path-bound builtins" \
+		"(expected match of $(printf %q "$exp"), got $(printf %q "$got"))"
+else	warning 'skipping path-bound builtin test for restricted shells: builtin /opt/ast/bin/cat not found'
+fi
+
 # ======
 exit $((Errors<125?Errors:125))