Date: Tue, 30 Sep 2003 14:19:35 -0400 (EDT) From: Jonathan Lennox <lennox@cs.columbia.edu> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/57414: /usr/bin/script fails silently if stdin is not a terminal Message-ID: <200309301819.h8UIJZv5022389@cnr.cs.columbia.edu> Resent-Message-ID: <200309301820.h8UIKIFM039076@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 57414 >Category: bin >Synopsis: /usr/bin/script fails silently if stdin is not a terminal >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Sep 30 11:20:17 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Jonathan Lennox >Release: FreeBSD 5.1-RELEASE-p7 i386 >Organization: Columbia University >Environment: System: FreeBSD cnr.cs.columbia.edu 5.1-RELEASE-p7 FreeBSD 5.1-RELEASE-p7 #7: Wed Sep 24 18:19:12 EDT 2003 lennox@cnr.cs.columbia.edu:/usr/obj/usr/src/sys/CNR i386 >Description: The /usr/bin/script utility fails silently if its standard input is not a terminal. It does nothing, and does not execute its argument, but exits with a successful output status. This is not such a big deal if the user is using 'script' directly -- it's pretty easy to figure out what happened. However, this can be *extremely* surprising -- and dangerous -- if 'script' is called by some other program which doesn't document this limitation. In particular, the 'portupgrade' utility wraps its calls to 'make' and 'make install' of upgraded ports in 'script'. As a result, if portupgrade is run with its standard input redirected, out-of-date ports will be deleted and then not reinstalled, with no warning or indication of any problem. >How-To-Repeat: $ script /var/tmp/foo cat /etc/passwd < /dev/null outputs only Script started, output file is /var/tmp/foo Script done, output file is /var/tmp/foo and /var/tmp/foo is empty. # BATCH=yes portupgrade -arRv < /dev/null > /var/tmp/portupgrade.log 2>&1 & (which seems like a perfectly reasonable way of upgrading all one's ports, without having to stay logged in to watch it happen) deletes all out-of-date ports from your system, without replacing them with up-to-date versions. >Fix: The following patch causes /usr/bin/script to error quickly with a non-zero exit status if tcgetattr or ioctl fail, as they will if stdin is not a tty. --- usr.bin/script/script.1.orig Tue Sep 30 14:02:29 2003 +++ usr.bin/script/script.1 Tue Sep 30 14:06:29 2003 @@ -155,3 +155,7 @@ mode, echo cancelling is far from ideal. The slave terminal mode is checked for ECHO mode to check when to avoid manual echo logging. This does not work when in a raw mode where the program being run is doing manual echo. +.Pp +The +.Nm +utility fails if the standard input is not a terminal. --- usr.bin/script/script.c.orig Tue Sep 30 14:01:46 2003 +++ usr.bin/script/script.c Tue Sep 30 14:04:48 2003 @@ -126,8 +126,10 @@ if ((fscript = fopen(fname, aflg ? "a" : "w")) == NULL) err(1, "%s", fname); - (void)tcgetattr(STDIN_FILENO, &tt); - (void)ioctl(STDIN_FILENO, TIOCGWINSZ, &win); + if (tcgetattr(STDIN_FILENO, &tt) == -1) + err(1, "tcgetattr"); + if (ioctl(STDIN_FILENO, TIOCGWINSZ, &win) == -1) + err(1, "ioctl"); if (openpty(&master, &slave, NULL, &tt, &win) == -1) err(1, "openpty"); >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200309301819.h8UIJZv5022389>