From 86fc4c6d0ac3228ac0ff5ef369b7979d51bb57c5 Mon Sep 17 00:00:00 2001 From: Martijn Dekker Date: Fri, 8 Jan 2021 21:59:30 +0000 Subject: [PATCH] init: Refuse to import $KSH_VERSION from environment $KSH_VERSION is initialised as a nameref to ${.sh.version}, but it was not realiable as it could be overridden from the environment. Some scripts do version checking so this would allow influencing their execution. This fix is inspired by the following Solaris patch: https://github.com/oracle/solaris-userland/blob/master/components/ksh93/patches/200-17435456.patch but a different approach was needed, because the code has changed (see 960a1a99). src/cmd/ksh93/sh/init.c: env_init(): - Refuse to import $KSH_VERSION. Using strncmp(3) might be crude, but it's effective and I can't figure out another way. --- src/cmd/ksh93/sh/init.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/cmd/ksh93/sh/init.c b/src/cmd/ksh93/sh/init.c index c81f0b7e4..5e186f414 100644 --- a/src/cmd/ksh93/sh/init.c +++ b/src/cmd/ksh93/sh/init.c @@ -1911,6 +1911,8 @@ static char *env_init(Shell_t *shp) /* The magic A__z env var is an invention of ksh88. See e_envmarker[]. */ if(*cp=='A' && cp[1]=='_' && cp[2]=='_' && cp[3]=='z' && cp[4]=='=') next = cp + 4; + else if(strncmp(cp,"KSH_VERSION=",12)==0) + continue; else if(np = nv_open(cp,shp->var_tree,(NV_EXPORT|NV_IDENT|NV_ASSIGN|NV_NOFAIL))) { nv_onattr(np,NV_IMPORT);