From swear@blarg.net  Fri Mar 15 18:08:29 2002
Return-Path: <swear@blarg.net>
Received: from lists.blarg.net (lists.blarg.net [206.124.128.17])
	by hub.freebsd.org (Postfix) with ESMTP id A032B37B42F
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 15 Mar 2002 18:08:10 -0800 (PST)
Received: from thig.blarg.net (thig.blarg.net [206.124.128.18])
	by lists.blarg.net (Postfix) with ESMTP id 6592EBE6C
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 15 Mar 2002 18:08:10 -0800 (PST)
Received: from localhost.localdomain ([206.124.139.115])
	by thig.blarg.net (8.9.3/8.9.3) with ESMTP id SAA13969
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 15 Mar 2002 18:08:09 -0800
Received: (from jojo@localhost)
	by localhost.localdomain (8.11.6/8.11.3) id g2G2AsK65859;
	Fri, 15 Mar 2002 18:10:54 -0800 (PST)
	(envelope-from swear@blarg.net)
Message-Id: <19zo19clea.o19@localhost.localdomain>
Date: 15 Mar 2002 18:10:53 -0800
From: "Gary W. Swearingen" <swear@blarg.net>
Reply-To: swear@blarg.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: red(1) manual doesn't explain red(1).
X-GNATS-Notify:

>Number:         35940
>Category:       docs
>Synopsis:       red(1) manual doesn't explain red(1).
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    keramida
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 15 18:10:01 PST 2002
>Closed-Date:    Mon Jun 24 15:09:49 PDT 2002
>Last-Modified:  Mon Jun 24 15:09:49 PDT 2002
>Originator:     Gary W. Swearingen
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
none
>Environment:
n/a
================
>Description:

The red(1) manual doesn't mention the command outside the "Name" section.
================
>How-To-Repeat:
n/a
================
>Fix:

At the end of the "Synopsis" section, add:

    'red' is the same as 'ed' except that it prohibits the use of
    certain kinds of 'file' argument values, including those that
    would cause 'ed' to execute a shell command and those that
    contain a '/'.  Consider it to be "restricted ed".

That should be improved, but I don't understand the relevant code,
mostly at the bottom of "/usr/src/bin/ed/main.c".
>Release-Note:
>Audit-Trail:

From: Giorgos Keramidas <keramida@freebsd.org>
To: "Gary W. Swearingen" <swear@blarg.net>
Cc: bug-followup@freebsd.org
Subject: Re: docs/35940: red(1) manual doesn't explain red(1).
Date: Sat, 16 Mar 2002 18:28:37 +0200

 On 2002-03-15 18:10, Gary W. Swearingen wrote:
 > 
 > 'red' is the same as 'ed' except that it prohibits the use of
 > certain kinds of 'file' argument values, including those that
 > would cause 'ed' to execute a shell command and those that
 > contain a '/'.  Consider it to be "restricted ed".
 
 How does this look?  Mind you, the text was already there.
 I just uncommented it and made minor markup changes.
 
     Index: ed.1
     ===================================================================
     RCS file: /home/ncvs/src/bin/ed/ed.1,v
     retrieving revision 1.29
     diff -2 -u -r1.29 ed.1
     --- ed.1        10 Aug 2001 17:35:07 -0000      1.29
     +++ ed.1        16 Mar 2002 16:25:22 -0000
     @@ -13,6 +13,4 @@
      .Op Fl p Ar string
      .Op Ar file
     -.\" .LP
     -.\" red [-] [-sx] [-p \fIstring\fR] [\fIfile\fR]
      .Sh DESCRIPTION
      .Nm Ed
     @@ -20,9 +18,11 @@
      It is used to create, display, modify and otherwise manipulate text
      files.
     -.\" .B red
     -.\" is a restricted
     -.\" .BR ed :
     -.\" it can only edit files in the current
     -.\" directory and cannot execute shell commands.
     +.Pp
     +If invoked as
     +.Nm red ,
     +then
     +.Nm
     +can only edit files in the current directory
     +and cannot execute shell commands.
      .Pp
      If invoked with a
 
 Giorgos Keramidas                       FreeBSD Documentation Project
 keramida@{freebsd.org,ceid.upatras.gr}  http://www.FreeBSD.org/docproj/

From: swear@blarg.net (Gary W. Swearingen)
To: Giorgos Keramidas <keramida@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: docs/35940: red(1) manual doesn't explain red(1).
Date: 17 Mar 2002 11:52:45 -0800

 Giorgos Keramidas <keramida@freebsd.org> writes:
 
 > How does this look?  Mind you, the text was already there.
 > I just uncommented it and made minor markup changes.
 
 >     +If invoked as
 >     +.Nm red ,
 >     +then
 >     +.Nm
 >     +can only edit files in the current directory
 >     +and cannot execute shell commands.
 
 It looks OK.  If I were doing it, which I'm not, I'd ensure it was
 mentioned in the synopsis, and since the above IS a synopsis, I'd just
 put that there.  I'd also be more accurate about what the "restrictions"
 are.  For instance, from my unfinished look at the code, it looked like
 it would restrict one from editing "./xxx" which is in the current
 directory.  Maybe you should commit your change and leave the PR open
 in case somebody later cares enough to improve it (or better, the
 program).

From: Giorgos Keramidas <keramida@freebsd.org>
To: "Gary W. Swearingen" <swear@blarg.net>
Cc: bug-followup@freebsd.org
Subject: Re: docs/35940: red(1) manual doesn't explain red(1).
Date: Mon, 18 Mar 2002 01:44:47 +0200

 On 2002-03-17 12:00, Gary W. Swearingen wrote:
 > I'd also be more accurate about what the "restrictions" are.  For
 > instance, from my unfinished look at the code, it looked like it would
 > restrict one from editing "./xxx" which is in the current directory.
 > Maybe you should commit your change and leave the PR open in case
 > somebody later cares enough to improve it (or better, the program).
 
 Indeed.  I'll try to come up with a more verbose description of the
 restrictions, trying not to duplicate the code "in words".
 
 	hades:~$ red
 	f ./foo
 	?
 	h
 	shell access restricted
 
 Giorgos Keramidas                       FreeBSD Documentation Project
 keramida@{freebsd.org,ceid.upatras.gr}  http://www.FreeBSD.org/docproj/
State-Changed-From-To: open->analyzed 
State-Changed-By: keramida 
State-Changed-When: Mon Apr 1 06:53:24 PST 2002 
State-Changed-Why:  
I'm updating the changes to ed.1 and will try to add a more verbose 
description of red(1), later tonight. 


Responsible-Changed-From-To: freebsd-doc->keramida 
Responsible-Changed-By: keramida 
Responsible-Changed-When: Mon Apr 1 06:53:24 PST 2002 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=35940 

From: Giorgos Keramidas <keramida@freebsd.org>
To: swear@blarg.net
Cc: bug-followup@freebsd.org
Subject: Re: docs/35940: red(1) manual doesn't explain red(1).
Date: Tue, 2 Apr 2002 02:21:24 +0300

 On 2002-04-01 06:54, keramida@FreeBSD.org wrote:
 > Synopsis: red(1) manual doesn't explain red(1).
 
 How about the slightly more verbose diff shown below.  I tried to describe
 red's restrictions, without touching every single command description in
 the file that is affected by "restricted mode".
 
 What do you all think?
 
   Index: ed.1
   ===================================================================
   RCS file: /home/ncvs/src/bin/ed/ed.1,v
   retrieving revision 1.29
   diff -2 -u -r1.29 ed.1
   --- ed.1	10 Aug 2001 17:35:07 -0000	1.29
   +++ ed.1	1 Apr 2002 23:18:02 -0000
   @@ -13,6 +13,9 @@
    .Op Fl p Ar string
    .Op Ar file
   -.\" .LP
   -.\" red [-] [-sx] [-p \fIstring\fR] [\fIfile\fR]
   +.Nm red
   +.Op Fl
   +.Op Fl sx
   +.Op Fl p Ar string
   +.Op Ar file
    .Sh DESCRIPTION
    .Nm Ed
   @@ -20,9 +23,25 @@
    It is used to create, display, modify and otherwise manipulate text
    files.
   -.\" .B red
   -.\" is a restricted
   -.\" .BR ed :
   -.\" it can only edit files in the current
   -.\" directory and cannot execute shell commands.
   +.Pp
   +When invoked as
   +.Nm red ,
   +the editor runs in
   +.Qq restricted
   +mode.
   +While running in restricted mode,
   +the editor only allows editing of files in the current directory
   +(any filename that contains a path delimiter
   +.Ql \&/
   +is forbidden),
   +and forbids the use of shell escapes (certain commands accept shell
   +commands where a filename is expected,
   +preceded by a shell bang
   +.Ql \&!
   +character).
   +Only commands that are related to filenames and shell escapes
   +are affected by the restricted mode.
   +All other
   +.Nm red
   +commands, work as expected.
    .Pp
    If invoked with a

From: swear@blarg.net (Gary W. Swearingen)
To: Giorgos Keramidas <keramida@freebsd.org>
Cc: swear@blarg.net, bug-followup@freebsd.org
Subject: Re: docs/35940: red(1) manual doesn't explain red(1).
Date: 01 Apr 2002 19:55:00 -0800

 Giorgos Keramidas <keramida@freebsd.org> writes:
 
 > What do you all think?
 
 I thought that I liked it, as long as it doesn't need something to
 reflect the code's check for '!strcmp(s, "..")'.  I still haven't
 figured that one out. Why not "." too?  The OS wouldn't let you write 
 to '..' anyway.
 
 But then I discovered that "only allows editing of files in the current
 directory" isn't true; just make softlinks to the outside files and you
 can edit such files unrestricted.  (This might explain why the "red"
 stuff was commented out; maybe someone didn't want people to get the
 impression there WAS a restricted mode.  But it's still there.)
 
 I don't know what should be done.  I'd probably just say that it
 restricts the use of filenames which start with "!" or contain a "/"
 and add a WARNING that the filename restrictions are only
 useful if the user doesn't have write access to the current directory
 so links cannot be added.  Maybe:
 
     When invoked as
     .Nm red ,
     the editor runs in
     .Qq restricted
      mode, in which the only difference is that the
     editor restricts the use of filenames which start with
     .Ql \&!
     (interpreted as shell commands by
     .Nm ed )
     or contain a
     .Ql \&/ .
     WARNING: This means that the editing of files outside the current
     directory is only restricted if the user does not have write access
     to the current directory.
 
 If you'd rather work on what you had, here's some nitpicking of that:
 
 >   +When invoked as
 >   +.Nm red ,
 >   +the editor runs in
 >   +.Qq restricted
 >   +mode.
 >   +While running in restricted mode,
 [Or replace above two lines with:]
      mode, in which
 [I'm not sure about the comma, but I'd use it.]
 
 >   +the editor only allows editing of files in the current directory
 >   +(any filename that contains a path delimiter
 >   +.Ql \&/
 >   +is forbidden),
 I would omit the comma, but I'm fairly sure it's OK.
 
 >   +and forbids the use of shell escapes (certain commands accept shell
 >   +commands where a filename is expected,
 >   +preceded by a shell bang
 >   +.Ql \&!
 >   +character).
 
 >   +All other
 >   +.Nm red
 >   +commands, work as expected.
 Definitely lose the comma.
State-Changed-From-To: analyzed->closed 
State-Changed-By: keramida 
State-Changed-When: Mon Jun 24 15:07:03 PDT 2002 
State-Changed-Why:  
Committed a slightly modified version of the text suggested by Gary in 
the audit trail of this PR to CURRENT.  I will handle the MFC after a 
while.  Big thanks to Gary W. Swearingen who took the time to review 
my diffs and comment on them, while he was already too busy doing the 
"real life" thing :-) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=35940 
>Unformatted:
