Bug 35940
| Summary: | red(1) manual doesn't explain red(1). | ||
|---|---|---|---|
| Product: | Documentation | Reporter: | Gary W. Swearingen <swear> |
| Component: | Books & Articles | Assignee: | Giorgos Keramidas <keramida> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
On 2002-03-15 18:10, Gary W. Swearingen wrote: > > 'red' is the same as 'ed' except that it prohibits the use of > certain kinds of 'file' argument values, including those that > would cause 'ed' to execute a shell command and those that > contain a '/'. Consider it to be "restricted ed". How does this look? Mind you, the text was already there. I just uncommented it and made minor markup changes. Index: ed.1 =================================================================== RCS file: /home/ncvs/src/bin/ed/ed.1,v retrieving revision 1.29 diff -2 -u -r1.29 ed.1 --- ed.1 10 Aug 2001 17:35:07 -0000 1.29 +++ ed.1 16 Mar 2002 16:25:22 -0000 @@ -13,6 +13,4 @@ .Op Fl p Ar string .Op Ar file -.\" .LP -.\" red [-] [-sx] [-p \fIstring\fR] [\fIfile\fR] .Sh DESCRIPTION .Nm Ed @@ -20,9 +18,11 @@ It is used to create, display, modify and otherwise manipulate text files. -.\" .B red -.\" is a restricted -.\" .BR ed : -.\" it can only edit files in the current -.\" directory and cannot execute shell commands. +.Pp +If invoked as +.Nm red , +then +.Nm +can only edit files in the current directory +and cannot execute shell commands. .Pp If invoked with a Giorgos Keramidas FreeBSD Documentation Project keramida@{freebsd.org,ceid.upatras.gr} http://www.FreeBSD.org/docproj/ Giorgos Keramidas <keramida@freebsd.org> writes: > How does this look? Mind you, the text was already there. > I just uncommented it and made minor markup changes. > +If invoked as > +.Nm red , > +then > +.Nm > +can only edit files in the current directory > +and cannot execute shell commands. It looks OK. If I were doing it, which I'm not, I'd ensure it was mentioned in the synopsis, and since the above IS a synopsis, I'd just put that there. I'd also be more accurate about what the "restrictions" are. For instance, from my unfinished look at the code, it looked like it would restrict one from editing "./xxx" which is in the current directory. Maybe you should commit your change and leave the PR open in case somebody later cares enough to improve it (or better, the program). On 2002-03-17 12:00, Gary W. Swearingen wrote: > I'd also be more accurate about what the "restrictions" are. For > instance, from my unfinished look at the code, it looked like it would > restrict one from editing "./xxx" which is in the current directory. > Maybe you should commit your change and leave the PR open in case > somebody later cares enough to improve it (or better, the program). Indeed. I'll try to come up with a more verbose description of the restrictions, trying not to duplicate the code "in words". hades:~$ red f ./foo ? h shell access restricted Giorgos Keramidas FreeBSD Documentation Project keramida@{freebsd.org,ceid.upatras.gr} http://www.FreeBSD.org/docproj/ State Changed From-To: open->analyzed I'm updating the changes to ed.1 and will try to add a more verbose description of red(1), later tonight. Responsible Changed From-To: freebsd-doc->keramida On 2002-04-01 06:54, keramida@FreeBSD.org wrote: > Synopsis: red(1) manual doesn't explain red(1). How about the slightly more verbose diff shown below. I tried to describe red's restrictions, without touching every single command description in the file that is affected by "restricted mode". What do you all think? Index: ed.1 =================================================================== RCS file: /home/ncvs/src/bin/ed/ed.1,v retrieving revision 1.29 diff -2 -u -r1.29 ed.1 --- ed.1 10 Aug 2001 17:35:07 -0000 1.29 +++ ed.1 1 Apr 2002 23:18:02 -0000 @@ -13,6 +13,9 @@ .Op Fl p Ar string .Op Ar file -.\" .LP -.\" red [-] [-sx] [-p \fIstring\fR] [\fIfile\fR] +.Nm red +.Op Fl +.Op Fl sx +.Op Fl p Ar string +.Op Ar file .Sh DESCRIPTION .Nm Ed @@ -20,9 +23,25 @@ It is used to create, display, modify and otherwise manipulate text files. -.\" .B red -.\" is a restricted -.\" .BR ed : -.\" it can only edit files in the current -.\" directory and cannot execute shell commands. +.Pp +When invoked as +.Nm red , +the editor runs in +.Qq restricted +mode. +While running in restricted mode, +the editor only allows editing of files in the current directory +(any filename that contains a path delimiter +.Ql \&/ +is forbidden), +and forbids the use of shell escapes (certain commands accept shell +commands where a filename is expected, +preceded by a shell bang +.Ql \&! +character). +Only commands that are related to filenames and shell escapes +are affected by the restricted mode. +All other +.Nm red +commands, work as expected. .Pp If invoked with a Giorgos Keramidas <keramida@freebsd.org> writes: > What do you all think? I thought that I liked it, as long as it doesn't need something to reflect the code's check for '!strcmp(s, "..")'. I still haven't figured that one out. Why not "." too? The OS wouldn't let you write to '..' anyway. But then I discovered that "only allows editing of files in the current directory" isn't true; just make softlinks to the outside files and you can edit such files unrestricted. (This might explain why the "red" stuff was commented out; maybe someone didn't want people to get the impression there WAS a restricted mode. But it's still there.) I don't know what should be done. I'd probably just say that it restricts the use of filenames which start with "!" or contain a "/" and add a WARNING that the filename restrictions are only useful if the user doesn't have write access to the current directory so links cannot be added. Maybe: When invoked as .Nm red , the editor runs in .Qq restricted mode, in which the only difference is that the editor restricts the use of filenames which start with .Ql \&! (interpreted as shell commands by .Nm ed ) or contain a .Ql \&/ . WARNING: This means that the editing of files outside the current directory is only restricted if the user does not have write access to the current directory. If you'd rather work on what you had, here's some nitpicking of that: > +When invoked as > +.Nm red , > +the editor runs in > +.Qq restricted > +mode. > +While running in restricted mode, [Or replace above two lines with:] mode, in which [I'm not sure about the comma, but I'd use it.] > +the editor only allows editing of files in the current directory > +(any filename that contains a path delimiter > +.Ql \&/ > +is forbidden), I would omit the comma, but I'm fairly sure it's OK. > +and forbids the use of shell escapes (certain commands accept shell > +commands where a filename is expected, > +preceded by a shell bang > +.Ql \&! > +character). > +All other > +.Nm red > +commands, work as expected. Definitely lose the comma. State Changed From-To: analyzed->closed Committed a slightly modified version of the text suggested by Gary in the audit trail of this PR to CURRENT. I will handle the MFC after a while. Big thanks to Gary W. Swearingen who took the time to review my diffs and comment on them, while he was already too busy doing the "real life" thing :-) |
The red(1) manual doesn't mention the command outside the "Name" section. ================ Fix: At the end of the "Synopsis" section, add: 'red' is the same as 'ed' except that it prohibits the use of certain kinds of 'file' argument values, including those that would cause 'ed' to execute a shell command and those that contain a '/'. Consider it to be "restricted ed". That should be improved, but I don't understand the relevant code, mostly at the bottom of "/usr/src/bin/ed/main.c". How-To-Repeat: n/a ================