From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 23696 invoked from network); 4 Jun 2021 20:21:36 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 4 Jun 2021 20:21:36 -0000 ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20200801; t=1622838096; b=KLgLl+lf//xoOHXycFWRbMKnUQzwyqBuXPMpSZ3QDJJpBDjkN62DpK+W1sSlt4Ja5wb1EfNYEx LDFWLdSWYTkNY2UxZhnmOYz19PhsnmijN6h47kjl/AlINNbnQBLeSlIYYalCIJ3PBIOomdil9F /o3Ga3sIRQZp+jzhaRQPITBnjezuxENpZNPy2TO8P0wqxAMfdtgE25h3HLETWBJ8JFgFWq1/lw Bh+ynHGTvqNbGxpObpthnNYzD8jZYkalez4IpABSzu5nkxjS7TubaArxRzS5I8a+r285QyAcz5 81dx7LAgfHLuZ9+hYQB4fqSERvu7fzo2NLg3ijSpAuYeqg==; ARC-Authentication-Results: i=1; zsh.org; iprev=pass (relay6-d.mail.gandi.net) smtp.remote-ip=217.70.183.198; dmarc=none header.from=chazelas.org; arc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20200801; t=1622838096; bh=S2RQhFGbinDCU05gSGYmU8aXKBGUe6wZm6eMguBSMng=; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help: List-Id:Sender:In-Reply-To:Content-Transfer-Encoding:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:DKIM-Signature; b=e73EwQj6GtIfS/r0zuvprFDx4GC6p5UQHcgRWcfI7/TWJDiTMGrPz9zDRRmzcI+SgMtAckBZc+ 0lNqKmQ394R1zL5Z/v8HjpRt5U9SEF97oMFTDjHmEz/3J+P4WsLeBR9IlCXx0swN5Tktdl1L8J c7jX0t1pn1EuhXqfTunaFw0YDg3Cr1/X+FHqJOfxD4maZzfoTIw2u6I4BBIAbazKhMOKS0f/39 uk6WbGQiNvHURAvUzYQ6EpEtJ9hovfrR6bSu0yNnKibofd75TElKL9wNWfGquB7iEjJRtsIutk n3U+PnLvmfKCEbb0HiUlDmaULoIOIX1fzUS7xO3NAFi1CA==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20200801; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:In-Reply-To:Content-Transfer-Encoding :Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID; bh=W1c5ouvdkjJ7FgzXAzRYbAfjABHDKWfHRbm6UTJCX1I=; b=tPxv8Zw9k8RUJ9wQdtIxA4eDTg zmu9OZUAxRlIE4j04Zbi6uPBF0yIgjRp9qQW5B7AF3TL8LtFKUk7JnaEPHjfwCCq/WXUpdP3fcGY6 xKAIVgSNVgf9MEjg9gpb7vn59hwXZszKB800n3pvsLKIiDELQXh4WV/sW8fe1cV56zxr3fgVf5AIa 6tYkdgSB8TekEpRSO6QloG6DFxjTn9Lt75zPOmL7B236Q6iSHRHSutcxHeI/5U2qoGclUOixnO4aK 4AGdLW2VtrHoeHTe8dM8v5VQVMbU842T76Y8OyfebQzAZvs+fXqOTei48m+aAFbNJ1/IpXQO4B+eo eoRxHF0w==; Received: from authenticated user by zero.zsh.org with local id 1lpGJz-000EZo-Ry; Fri, 04 Jun 2021 20:21:35 +0000 Authentication-Results: zsh.org; iprev=pass (relay6-d.mail.gandi.net) smtp.remote-ip=217.70.183.198; dmarc=none header.from=chazelas.org; arc=none Received: from relay6-d.mail.gandi.net ([217.70.183.198]:51037) by zero.zsh.org with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1lpGJi-000EIj-W1; Fri, 04 Jun 2021 20:21:19 +0000 Received: (Authenticated sender: stephane@chazelas.org) by relay6-d.mail.gandi.net (Postfix) with ESMTPSA id 609EEC0005; Fri, 4 Jun 2021 20:21:16 +0000 (UTC) Date: Fri, 4 Jun 2021 21:21:16 +0100 From: Stephane Chazelas To: Bart Schaefer Cc: Peter Stephenson , Zsh hackers list Subject: Re: [PATCH (not final)] (take three?) unset "array[$anything]" Message-ID: <20210604202116.gnxqqegfnmki2i57@chazelas.org> Mail-Followup-To: Bart Schaefer , Peter Stephenson , Zsh hackers list References: <20210602142005.b5tw2hj2c6q3psqv@chazelas.org> <1629605749.599911.1622710481163@mail2.virginmedia.com> <20210603131347.i7bv7ao7j3hk3a2e@chazelas.org> <20210604080200.pnlzjexcuu3oyjcy@chazelas.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Seq: 49017 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: List-Subscribe: List-Unsubscribe: List-Post: List-Owner: List-Archive: 2021-06-04 11:36:09 -0700, Bart Schaefer: > On Fri, Jun 4, 2021 at 1:02 AM Stephane Chazelas wrote: > > > > It also means the lexer, a large and complex bit of code whose > > behaviour also depends on a the setting of a number of options > > will end up being exposed to user-supplied data (of the users of > > the zsh scripts, not just the users of zsh), which adds some > > level of risk. > > This remark baffles me. The exact same code is used for ${v/pat/repl} > among other things, I haven't added any new entry point to the lexer. But there (and I expect most other contexts where that is used), the repl is not data supplied by the user of the script, it will be typically fixed code like $replacement as supplied by the *author* of the script. While in: while IFS=, read -r a b c; do unset "hash[$b]" done < data And with the stripquotes patch, you'd have the *contents* of $b (from external data), not the literal $b string fed to the lexer as if it was meant to be zsh code. [...] > > Currently we can do (reliably): > > > > read 'hash[$key]' > > It's unfortunate that this is "reliable" because I'm pretty sure it's > totally unintentional and should be considered a bug. "read" should > not be re-interpreting $key in its NAME parameter. I'd tend to agree with that statement, and it's this kind of thing that makes things taking lvalues or arithmetic expressions very dangerous. As discussed several times (IIRC, Oliver Kiddle brought it up in 2014 in the aftermaths of shellshock). ((x == 1)) or printf %d x or read "array[x]" are also command injection vulnerabilities for the same kind of reason. Here for instance when x='psvar[$(reboot)1]' even though there's probably not a good reason why $(reboot) would be expanded when x is referenced in an arithmetic expression. > > > and can't do (reliably) > > > > read "hash[$key]" > > That one ought to be reliable if using hash elements here is permitted at all. > > > If we align with whatever solution we pick for unset, we're > > going to break a lot more scripts. I don't think we can touch > > those at least in the default mode operation. > > I don't know how many is "a lot" here I don't have an answer to that either. > because frankly this is > something I would never have thought of attempting in the first place > (particularly, relying on the buggy behavior of the single-quoted > case). But I really want to STOP talking about this in the same > thread as the "unset" question. Well, it would be good if all those things would be fixed once and for all and in a consistent way. There's also the fact that we can't do: hash['foo bar baz'$'\n'...]=value (one needs things like hash[${(pl[1][\n])}]=x to set elements of key $'\n') or array[1 + 1]=4 That is pretty annoying. Hard to fix without breaking backward portability, but could we introduce a better design under a new option (setopt bettersubscriptsandarithmetics), or a "use 6.0" à la perl? See also https://github.com/ksh93/ksh/issues/152 where Martijn Dekker has done some improvements on that front in ksh93. -- Stephane