OpenBSD now enforcing no invalid NUL characters in shell scripts
OpenBSD's ksh now prohibits invalid NUL characters in scripts to unify shell behavior and prevent inconsistencies. Users must be on OpenBSD-current to utilize this update for improved reliability.
Read original article
OpenBSD has implemented a new enforcement in its default shell, ksh, which prohibits the inclusion of invalid NUL characters in shell scripts. This change, noted in a commit message from Theo de Raadt, states that if a NUL byte is detected during the parsing of a script, the shell will abort with a "syntax error: NUL byte unexpected" message. The decision stems from the observation that various shells exhibit inconsistent behaviors when encountering NUL bytes, leading to potential issues in script execution. The majority of shells, written in C, cannot handle embedded NUL characters due to the nature of C strings. The change aims to standardize shell behavior and prevent further divergence among different shell implementations. Users must be running OpenBSD-current to benefit from this update, as it was introduced after the tagging of OpenBSD 7.6.
- OpenBSD's ksh now disallows invalid NUL characters in scripts.
- The change aims to unify shell behavior and prevent inconsistencies.
- NUL bytes in scripts previously led to divergent behaviors across different shells.
- Users need to be on OpenBSD-current to utilize this new enforcement.
- The update reflects OpenBSD's commitment to improving software reliability.
Related
I Like NetBSD, or Why Portability Matters
NetBSD, founded in 1993, prioritizes portability and simplicity following Unix philosophy. It supports various hardware platforms, emphasizes code quality, and fosters a community valuing system longevity and older tech. NetBSD promotes sustainability and efficiency in software design, offering a cozy, minimal setup for exploration and learning.
Don't use null objects for error handling
The article critiques using null objects for error handling in programming, arguing it misleads users and propagates errors. It advocates for immediate error handling and context-based strategies instead.
I Like NetBSD, or Why Portability Matters
NetBSD, released in 1993, emphasizes portability and modular code, supporting various hardware architectures. It offers a user-friendly experience, aligning with sustainability and customization values, despite lower performance compared to other BSDs.
Some thoughts on OpenSSH 9.8's PerSourcePenalties feature
OpenSSH 9.8 introduces PerSourcePenalties to block malicious SSH sources, allowing targeted blocking. The default penalty duration is one second, minimizing health check disruptions. Users should monitor experiences before adjusting settings.
Shell Has a Forth-Like Quality (2017)
The blog post compares the Unix shell's Forth-like qualities and higher-order programming with systemd's role in Linux boot processes, advocating for an improved shell while favoring daemontools' modular design.
- Many users express concern about the impact on existing scripts and software that rely on NUL characters, particularly self-extracting scripts and shar archives.
- Comments highlight the importance of strict input validation in software development, referencing the concept of a "post-Postel world" where leniency in handling input can lead to security issues.
- Some users question the practicality of the change, wondering if it will lead to more problems than it solves, especially regarding compatibility with other shells.
- There is a general appreciation for OpenBSD's efforts to unify shell behavior and improve reliability, despite concerns about potential disruptions.
- Several comments touch on the historical context of software behavior and the evolution of standards in Unix-like systems.
24 commentshttps://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin/ksh/shf.c....
And it looks like that covers all parsed parts of the shell script or history file, including heredocs. I get the feeling it's going to break all shar archives with binary files (not that they're particularly common). It will stop NULs being in the script itself, but it won't stop them coming from other sources, e.g.
$ var=$(printf '\0hello')
-bash: warning: command substitution: ignored null byte in input
$ echo $var
hello
> "If there is ONE THING the Unix world needs, it is for bash/ksh/sh to stop diverging further"
> OpenBSD ksh: diverges further
There are two reliability constraints that all software faces; security and interoperability. The more lax you are about validation, the more likely interoperability is. "That's weird, I'll just do whatever" is doing SOMETHING, and it's often to the end user's liking. But, you also enter a more and more undefined state inside the software on the other side, and that's where weird things happen. Weird things happening typically manifest as security problems. So the more effort you go to to minimize the possibility of entering a weird state, the more confidence you have that your software is working as specified.
Postel's Law made a lot of sense to me when developing the early Internet. A lot of people were reading imperfect RFCs, and it was nice when your HP server could communicate with a Sun workstation, even though maybe some bit in the TCP header was set wrong. But now? You just gotta get it right and push a hotfix when you realize you messed something up. (Sadly, I don't think it's possible. Middleboxes are getting more and more popular. At work, we make a product where the CLI talks to the server over HTTP/2. We also install Zscaler on every workstation. Zscaler simply blocks HTTP/2. So you can't use our product. Awkward.)
Curious what this is
Fascinating. I wonder what that program is, and why it depends on the NUL character.
Similar to the olde-tyme "-o noexec" and "-o nosuid" options for `mount`, there should be easy, no-exceptions ways to blanket ban other types of simply obvious red-flag activity.
"Unavailable For Legal Reasons - Sorry, no detailled error message available."
http://www.mirbsd.org/mksh.htm
The Android system shell is now abandoned? This is also in rhel9 basesos.
for each $filename in `ls`
Is there any legitimate use for filenames with newlines?
Big oof here. Why? How?
> If there is ONE THING the Unix world needs, it is for bash/ksh/sh to stop diverging further by permitting STUPID INPUT that cannot plausibly work in all other shells. We are in a post-Postel world.
Amem
I mean, it's a good idea, but I wonder what am I missing here. Also what do they mean by post-Postel?
> If there is ONE THING the Unix world needs, it is for bash/ksh/sh to
> stop diverging further by permitting STUPID INPUT that cannot
> plausibly work in all other shells. We are in a post-Postel world.
>
> It remains possible to put arbitrary bytes *AFTER* the parts of the
> shell script that get parsed & executed (like some Solaris patch files
> do). But you can't put arbirary bytes in the middle, ahead of shell
> script parsed lines, because shells can't jump to arbitrary offsets
> inside the input file, they go THROUGH all the 'valid shell script
> text lines' to get there.
So here it is again, an example of OpenBSD making software behavior saner for all of us.
Related
I Like NetBSD, or Why Portability Matters
NetBSD, founded in 1993, prioritizes portability and simplicity following Unix philosophy. It supports various hardware platforms, emphasizes code quality, and fosters a community valuing system longevity and older tech. NetBSD promotes sustainability and efficiency in software design, offering a cozy, minimal setup for exploration and learning.
Don't use null objects for error handling
The article critiques using null objects for error handling in programming, arguing it misleads users and propagates errors. It advocates for immediate error handling and context-based strategies instead.
I Like NetBSD, or Why Portability Matters
NetBSD, released in 1993, emphasizes portability and modular code, supporting various hardware architectures. It offers a user-friendly experience, aligning with sustainability and customization values, despite lower performance compared to other BSDs.
Some thoughts on OpenSSH 9.8's PerSourcePenalties feature
OpenSSH 9.8 introduces PerSourcePenalties to block malicious SSH sources, allowing targeted blocking. The default penalty duration is one second, minimizing health check disruptions. Users should monitor experiences before adjusting settings.
Shell Has a Forth-Like Quality (2017)
The blog post compares the Unix shell's Forth-like qualities and higher-order programming with systemd's role in Linux boot processes, advocating for an improved shell while favoring daemontools' modular design.