From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HTML_MESSAGE,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 27704 invoked from network); 26 Jan 2022 17:33:24 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 26 Jan 2022 17:33:24 -0000 ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20210803; t=1643218404; b=XuqCCYe+um6/dP/yr7/eaHbMHZTOEOGHu/ttHMtromdlg701uS7/hDf52LlCXYDEKVlFOW+2tA tKBL4H7KbhRphucQ1XSc2qMHAw9wnLbJrkumDAd1+MVeJrYU1yKAwsJKfBky8enCJPxsqeF/Hf 3aTywFAwzfWhqisPe5eDwLx4V4Mg0ZqlJY0DSbkoT5pj3Y/xSDzE24RgaXkGhiK3WIQtRmqQeK j5FZuLxMnSCfyTIXFHBULsFdevEZ7AhCZ219yXhmPt04/sRfBinUXAjfEhEgnPuuRpL7c07Tv0 c0LmKWz4bwEybG0oYhYVdfqF1rZ/SEyJ8sSyRGNWl5Tg0A==; ARC-Authentication-Results: i=1; zsh.org; iprev=pass (mail-yb1-f177.google.com) smtp.remote-ip=209.85.219.177; dkim=pass header.d=brasslantern-com.20210112.gappssmtp.com header.s=20210112 header.a=rsa-sha256; dmarc=none header.from=brasslantern.com; arc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20210803; t=1643218404; bh=3kKKkvLamMfHDgBzFirzTeSsad3CNaaZTmvUWCJW/lU=; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help: List-Id:Sender:Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:DKIM-Signature:DKIM-Signature; b=ByiJ7cd3ZANNnbiwwca6JkAKrshv8Xe+k2xzBuoNQA8zZS1QN+77w1PqJc1PquI8GlUnVWL7xM lDzE8EbXqMX4rjRmLrpdNU4Q0MzaT4DeD6SitxdtryHjRBcE5jgr2ns+jRVaQZzByQFe8ytoxO o/AgZUqf7aXtEK7GKCvw4pCahmYxiqgwZP2m7tAb4NP6CGQrhKPSfMPz8X4/soYW7unfbmmgui SsUvmxfP0kPUk7kr3JkkoOUcHZYvb+a6+gUZiUXh830x3gPL1BR7bIEJ8EhIYvm+mkn7/ZuHLT PSvMUjQ+D+6+kUq8NUnDteCK9DW5dlITH7Jcfyz2XHA9Yw==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:Content-Type:Cc:To:Subject:Message-ID :Date:From:In-Reply-To:References:MIME-Version:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=rLsI1aYqlMW2S5IiX1Hpf/zegJ/DAgkhpt4/ddpyrTU=; b=cKIC+mH4leo0zBalVMwvdFqhep NX83brlNiiK26DtPiDfkCAPknGtF8Dfgnrfqa62xoNb2ySLD/F6EqDdgYvk/RWFGINSx02u03p/Wt ko7F/eoV8v/Jsu7+pm9z9uEdf6bmojv7WI5nXdWH2Hhaqy+McWiB7hFFAXfczdTKp59KVBl2WEO9X Xt7pBlKq0FxBxctkET0n2i18zWExV9KHQ+YM6qq9kERoOCMKvfk4yeEivodya1Tb0c9Fxd4wYEYuN 5WD5DT2MF8SSIT+0OngsmqP8LEg1PTzoNeRmhagpfi0CR5GQGIQhga+oW4CiG4eLoKbaJttKB71E1 XvWiyuYw==; Received: from authenticated user by zero.zsh.org with local id 1nCmAd-0008tG-P5; Wed, 26 Jan 2022 17:33:23 +0000 Authentication-Results: zsh.org; iprev=pass (mail-yb1-f177.google.com) smtp.remote-ip=209.85.219.177; dkim=pass header.d=brasslantern-com.20210112.gappssmtp.com header.s=20210112 header.a=rsa-sha256; dmarc=none header.from=brasslantern.com; arc=none Received: from mail-yb1-f177.google.com ([209.85.219.177]:40678) by zero.zsh.org with esmtps (TLS1.3:TLS_AES_128_GCM_SHA256:128) id 1nCmA1-0008YR-A0; Wed, 26 Jan 2022 17:32:46 +0000 Received: by mail-yb1-f177.google.com with SMTP id 23so931644ybf.7 for ; Wed, 26 Jan 2022 09:32:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brasslantern-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rLsI1aYqlMW2S5IiX1Hpf/zegJ/DAgkhpt4/ddpyrTU=; b=FapHNugpFw3+kOOzbRvH63aQYPttGWJIfCHJY0KWlAzRNpgn/Ph/UfnQH7cKqvO54P amMduBV3qK7zZcbLoLE2a0sb3nXyBOAOJDB8quFIU16pli7ITeWqnkW2A79gEhM6bCBo cBd7wxoq4rFAhxzAgEnShQLtfzevWM5Hj+waSMt4UWTAeran6ethjYwBzScDL2tqAOmk AvbLsq8NQRmVf6MvGJYNCTf5EJIIaXa98KpZg40c7z0nOZwWL5upEd4f/iSely/LzJ4T AQRlbSHh3gdW4Bm+IfPiO/HtxESNPUvDiX6yx+0Q05GPBmzICcb3bpdl4Wt2niBFo9LZ CPsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rLsI1aYqlMW2S5IiX1Hpf/zegJ/DAgkhpt4/ddpyrTU=; b=jNCXJtsPjhkIRDFbKtLm7aTxCkUlkqH+ezBmIiayM4Lx63f06/fFCYsIJj9p6gZXja Wwj8qOHfzXVt9+oJvA78p3BYL7nNtrsfO676mfQEA7zh12gLCr9EsISNzOPgsYwvCXrT ug/SYNR147YhZreSyM33JrFZ1GGzhNlH9bNQDgl4jEiuPN/y916LfUvo1nmVXNqQV3eI z3qlTNuK0eMPcryFUX/aWl+hZtXE1Efgv5fFpMKahon3/xAwUGLzTpibJaGZuTyDCdIp 4cfWD11FuYqOQi1JMrN8ZVcWyxe9UID6/FRX3iAlAFt4ON4F1ptTUvN2j0K+5YmasE2I SGZg== X-Gm-Message-State: AOAM530FiDvjaV3C2TRFF+6UneeMwcDMPP02wmoWIEZJNXyrWw6YvaWp KNUM8Ll+yHCRuLJQn072IP7qfWSeqP3wxsTdZlnbcA== X-Google-Smtp-Source: ABdhPJzRyNut00BUW260ZnqfSrosr8XQeee3+6OFsB3EhRB+w/3Bd5cyEqrSKMUzLDyn0PnWVPUW2TPtRrhVC9wWXEY= X-Received: by 2002:a05:6902:114a:: with SMTP id p10mr8908103ybu.716.1643218363628; Wed, 26 Jan 2022 09:32:43 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Bart Schaefer Date: Wed, 26 Jan 2022 09:32:32 -0800 Message-ID: Subject: Re: noexec does not detect subscript error To: gqqnb2005 Cc: Zsh hackers list Content-Type: multipart/alternative; boundary="000000000000da4d4405d67f966f" X-Seq: 49717 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: List-Subscribe: List-Unsubscribe: List-Post: List-Owner: List-Archive: --000000000000da4d4405d67f966f Content-Type: text/plain; charset="UTF-8" On Wed, Jan 26, 2022 at 5:44 AM gqqnb2005 wrote: > $ cat a.sh > a=$argv[ > $ zsh -n a.sh > $ zsh a.sh > a.sh:1: invalid subscript > This seems specifically to be a problem with assignments: % zsh -n =(echo ': $argv[') /tmp/zsh8ZwYOj:1: invalid subscript % zsh -n =(echo 'a=$argv[') % zsh -n =(echo ': a=$argv[') /tmp/zshDn6nSf:1: invalid subscript % zsh -n =(echo 'typeset a=$argv[') % There is no syntax check applied to the right-hand-side of an assignment at parse time unless it appears to include a process substitution or similar, that's instead left to happen at run time (which never occurs when noexec is in effect, obviously). Outside of an assignment, prefork substitutions etc. are performed even when noexec is in effect, so the error is caught. It's not clear what to do in the assignment case, because we don't have a separate code path that only checks syntax of parameter substitutions without actually substituting them, and it's probably not appropriate to invoke substitution in the middle of a parse. We could do some simple hacks like looking for unmatched brackets, but even that requires taking quoting into account, etc. --000000000000da4d4405d67f966f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Wed, Jan 26, 2022 at 5:44 AM gqqnb2005= <gqqnb2005@gmail.com> wro= te:
$ cat a.sh
a=3D$argv[
$ zsh -n a.sh
$ zsh a.sh
a.sh:1: invalid subscript

This seems specifi= cally to be a problem with assignments:
% zsh -n =3D(echo ': $argv[')
= /tmp/zsh8ZwYOj:1: invalid subscript
% zsh -= n =3D(echo 'a=3D$argv[')
% zsh -n = =3D(echo ': a=3D$argv[')
/tmp/zshDn6nSf:1: invalid subscript
% zsh -n =3D(echo 'typeset a=3D$argv['= )
%

There is no syntax check applied to the right-hand-side of an assignm= ent at parse time unless it appears to include a process substitution or si= milar, that's instead left to happen at run time (which never occurs wh= en noexec is in effect, obviously).=C2=A0 Outside of an assignment, prefork= substitutions etc. are performed even when noexec is in effect, so the err= or is caught.

It's not clear what to do in the assignment case, because we do= n't have a separate code path that only checks syntax of parameter subs= titutions without actually substituting them, and it's probably not app= ropriate to invoke substitution in the middle of a parse.=C2=A0 We could do= some simple hacks like looking for unmatched brackets, but even that requi= res taking quoting into account, etc.
<= br>
--000000000000da4d4405d67f966f--