Hi Warren,
Warren Block wrote on Mon, Aug 31, 2015 at 07:43:12PM -0600:
> Just tonight, it was pointed out on IRC that 'man /bin/sh' on FreeBSD
> failed spectacularly.
In which way exactly? On OpenBSD, i see this:
schwarze@isnote $ man /bin/sh
man: No entry for /bin/sh in the manual.
That seems like the correct answer to me because indeed,
there is no manual page named '/bin/sh', and the man(1)
manual says:
man [...] name ...
The man utility displays the manual pages entitled _name_.
> Unfortunately, 'mandoc /bin/sh' also fails, although not as
> badly.
In which way exactly? On OpenBSD, i see this:
schwarze@isnote $ mandoc /bin/sh
() ()
?ELF???????????????????? 6??4???Oe??????4? ? ?(?????????4???4???4??? ???
???????????????????????????b??b???????????????p????? ???
[...]
That seems correct behaviour, too. The mandoc(1) manual says:
mandoc [...] [file ...]
The mandoc utility formats UNIX manual pages for display.
By default, mandoc reads mdoc(7) or man(7) text from stdin, implying
-mandoc, and produces -T locale output.
[...]
Input Formats
[...]
A third option, -mandoc, which is also the default, determines encoding
on-the-fly: if the first non-comment macro is `Dd' or `Dt', the mdoc(7)
parser is used; otherwise, the man(7) parser is used.
So, the binary is interpreted as man(7) code, as it should,
and invalid characters are replaced with question marks.
> Is it feasible to use file(1) to check a file's type before
> displaying it?
No. Mandoc is a moderately security-sensitive program because root
may run it. Complexity should be avoided. Besides, on most systems,
the implementation of file(1) is very low-quality, insecure, and should
never be run by root.
> Or maybe to incorporate some of those or similar tests directly
> into mandoc?
No. Too much complexity. What's wrong with the current behaviour?
I see no need to do anything special about blatant abuse like "mandoc
/bin/sh" that will only very rarely happen in practice.
Yours,
Ingo
--
To unsubscribe send an email to discuss+unsubscribe@mdocml.bsd.lv