From owner-dev-commits-src-main@freebsd.org Sat Sep 25 01:59:02 2021 Return-Path: Delivered-To: dev-commits-src-main@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4A672678B25; Sat, 25 Sep 2021 01:59:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HGXBZ1YYRz4mm7; Sat, 25 Sep 2021 01:59:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1695E21B19; Sat, 25 Sep 2021 01:59:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 18P1x1tM075823; Sat, 25 Sep 2021 01:59:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 18P1x1IQ075822; Sat, 25 Sep 2021 01:59:01 GMT (envelope-from git) Date: Sat, 25 Sep 2021 01:59:01 GMT Message-Id: <202109250159.18P1x1IQ075822@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: e12a0ffe2b01 - main - makesyscalls: rip out arbitrary command execution MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e12a0ffe2b01a653a213423435bfe0a696ca737e Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-main@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for the main branch of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Sep 2021 01:59:02 -0000 The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=e12a0ffe2b01a653a213423435bfe0a696ca737e commit e12a0ffe2b01a653a213423435bfe0a696ca737e Author: Kyle Evans AuthorDate: 2021-09-24 01:04:36 +0000 Commit: Kyle Evans CommitDate: 2021-09-25 01:53:44 +0000 makesyscalls: rip out arbitrary command execution This was previously needed only for CloudABI, which used it to generate its capenabled from syscalls.master. CloudABI was removed in cf0ee8738e31, so we don't need to support this anymore. Others looking to do similar things should come up with a more integrated technique, such as a .conf flag or pattern/glob support. brooks suggests that it could be done in modern makesyscalls.lua by adding a config flag to specify always-on/initial flags (CAPENABLED). Reviewed by: brooks, imp MFC after: never Differential Revision: https://reviews.freebsd.org/D32095 --- sys/tools/makesyscalls.lua | 35 ++--------------------------------- 1 file changed, 2 insertions(+), 33 deletions(-) diff --git a/sys/tools/makesyscalls.lua b/sys/tools/makesyscalls.lua index 811101305ec4..64b260eb65bf 100644 --- a/sys/tools/makesyscalls.lua +++ b/sys/tools/makesyscalls.lua @@ -195,19 +195,6 @@ local function trim(s, char) return s:gsub("^" .. char .. "+", ""):gsub(char .. "+$", "") end --- We have to io.popen it, making sure it's properly escaped, and grab the --- output from the handle returned. -local function exec(cmd) - cmd = cmd:gsub('"', '\\"') - - local shcmd = "/bin/sh -c \"" .. cmd .. "\"" - local fh = io.popen(shcmd) - local output = fh:read("a") - - fh:close() - return output -end - -- config looks like a shell script; in fact, the previous makesyscalls.sh -- script actually sourced it in. It had a pretty common format, so we should -- be fine to make various assumptions @@ -240,8 +227,9 @@ local function process_config(file) key = trim(key) value = trim(value) local delim = value:sub(1,1) - if delim == '`' or delim == '"' then + if delim == '"' then local trailing_context + -- Strip off the key/value part trailing_context = nextline:sub(kvp:len() + 1) -- Strip off any trailing comment @@ -253,26 +241,7 @@ local function process_config(file) print(trailing_context) abort(1, "Malformed line: " .. nextline) end - end - if delim == '`' then - -- Command substition may use $1 and $2 to mean - -- the syscall definition file and itself - -- respectively. We'll go ahead and replace - -- $[0-9] with respective arg in case we want to - -- expand this in the future easily... - value = trim(value, delim) - for capture in value:gmatch("$([0-9]+)") do - capture = tonumber(capture) - if capture > #arg then - abort(1, "Not enough args: " .. - value) - end - value = value:gsub("$" .. capture, - arg[capture]) - end - value = exec(value) - elseif delim == '"' then value = trim(value, delim) else -- Strip off potential comments