From: bug#30683 <30683@debbugs.gnu.org>
To: bug#30683 <30683@debbugs.gnu.org>
Subject: Status: [PATCH] build: add a configure flag to force --sandbox
Reply-To: bug#30683 <30683@debbugs.gnu.org>
Date: Sun, 21 Sep 2025 06:52:06 +0000

retitle 30683 [PATCH] build: add a configure flag to force --sandbox
reassign 30683 sed
submitter 30683 Mike Frysinger
severity 30683 normal
tag 30683 notabug patch
thanks

From: Mike Frysinger
To: bug-sed@gnu.org
Subject: [PATCH] build: add a configure flag to force --sandbox
Date: Fri, 2 Mar 2018 17:28:15 -0500

From: Mike Frysinger

When building systems that integrate code scripts from a variety of
sources, it's hard to guarantee all users of sed are robust, and it's
not easy to make sure everyone uses --sandbox all the time.

Let's add a configure option so people can easily build a GNU sed that
always enforces --sandbox mode. This makes sure sed stays a dumb text
tool and can't be used as an avenue for code injection.

Consider a "benign" argument controlled by the user to a script that
is inlined as a match in a sed script. Yes, the argument should have
been properly checked and/or sanitized, but the overall integrity of
the system shouldn't suffer because of these common mistakes.

* configure.ac: Add --enable-forced-sandbox option, and define
ENABLE_FORCED_SANDBOX when enabled.
* sed/sed.c (sandbox): Set to true when ENABLE_FORCED_SANDBOX, else
set to false.
--- configure.ac | 7 +++++++ sed/sed.c | 7 ++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 4c57d682f976..8531fc2f0fe8 100644 --- a/configure.ac +++ b/configure.ac @@ -123,6 +123,13 @@ fi AM_CONDITIONAL([TEST_SYMLINKS], [test "$ac_cv_func_lstat:$ac_cv_func_readlink" = yes:yes]) +AC_ARG_ENABLE([forced-sandbox], + [AS_HELP_STRING([--enable-forced-sandbox)], + [always run with --sandbox enabled])]) +if test "$enable_forced_sandbox" = "yes"; then + AC_DEFINE([ENABLE_FORCED_SANDBOX], , [Always enabled --sandbox mode]) +fi + AC_ARG_ENABLE(i18n, [ --disable-i18n disable internationalization (default=enabled)], , enable_i18n=yes) diff --git a/sed/sed.c b/sed/sed.c index 65bcab5ac58a..9d4a7a888c54 100644 --- a/sed/sed.c +++ b/sed/sed.c
@@ -55,7 +55,12 @@ bool separate_files = false; bool follow_symlinks = false; /* If set, opearate in 'sandbox' mode */ -bool sandbox = false; +bool sandbox = +#ifdef ENABLE_FORCED_SANDBOX + true; +#else + false; +#endif /* How do we edit files in-place? (we don't if NULL) */ char *in_place_extension = NULL; -- 2.16.1
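
Review bot: In the configure.ac hunk, the first argument to AS_HELP_STRING reads `[--enable-forced-sandbox)]`: the `)` sits inside the quoted option name, so it becomes part of the text shown by `./configure --help`. Drop it so the argument is `[--enable-forced-sandbox]`. In the same hunk, AC_DEFINE is given an empty value; defining the macro to `[1]` is the usual form and allows `#if` as well as `#ifdef`, and the description would read better as "Always enable --sandbox mode".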
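
Review bot: In the sed/sed.c hunk, the forced default is invisible to users: `sandbox` simply starts out `true`, and the diffstat shows only configure.ac and sed/sed.c changing, so no NEWS entry, manual text or `--help`/`--version` output says that a binary was built with --enable-forced-sandbox. Add the documentation, and consider reporting the build setting at run time so that scripts and administrators can tell the two variants apart. A test that builds with the flag and checks that the sandbox restrictions apply without --sandbox on the command line belongs with this change too. As a style point, the initializer split across `#ifdef`/`#else` could be a single statement if configure defined the macro to 1 or 0.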

Date: Fri, 2 Mar 2018 16:07:45 -0700
From: Assaf Gordon
To: Mike Frysinger
Subject: Re: bug#30683: [PATCH] build: add a configure flag to force --sandbox
Cc: 30683@debbugs.gnu.org

tag 30683 notabug
close 30683
stop

Hello Mike,

On Fri, Mar 02, 2018 at 05:28:15PM -0500, Mike Frysinger wrote:
> * configure.ac: Add --enable-forced-sandbox option, and define
> ENABLE_FORCED_SANDBOX when enabled.

Conceptually I like your idea (since I've added the original
--sandbox option to both gnu sed and gawk).

However,
Adding such "--enable" options to "./configure" goes against the gnu coding standards,
which say:

    No ‘--enable’ option should ever cause one feature to replace another.
    No ‘--enable’ option should ever substitute one useful behavior for
    another useful behavior. The only proper use for ‘--enable’ is for
    questions of whether to build part of the program or exclude it.
    (source: https://www.gnu.org/prep/standards/html_node/Configuration.html)

As such, I'm closing this as not a bug, but discussion can continue
by replying to this thread.

regards,
 - assaf

Subject: Re: bug#30683: [PATCH] build: add a configure flag to force --sandbox
To: Assaf Gordon, Mike Frysinger
From: Eric Blake
Organization: Red Hat, Inc.
Date: Fri, 2 Mar 2018 17:20:07 -0600
Cc: 30683@debbugs.gnu.org

On 03/02/2018 05:07 PM, Assaf Gordon wrote:
> On Fri, Mar 02, 2018 at 05:28:15PM -0500, Mike Frysinger wrote:
>> * configure.ac: Add --enable-forced-sandbox option, and define
>> ENABLE_FORCED_SANDBOX when enabled.
>
> Conceptually I like your idea (since I've added the original
> --sandbox option to both gnu sed and gawk).
>
> However,
> Adding such "--enable" options to "./configure" goes against the gnu coding standards,
> which say:
>
>     No ‘--enable’ option should ever cause one feature to replace another.
>     No ‘--enable’ option should ever substitute one useful behavior for
>     another useful behavior. The only proper use for ‘--enable’ is for
>     questions of whether to build part of the program or exclude it.
>     (source: https://www.gnu.org/prep/standards/html_node/Configuration.html)

Would a different spelling, such as '--with-forced-sandbox-default=on/off'
be better?

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org

Date: Fri, 2 Mar 2018 18:27:37 -0500
From: Mike Frysinger
To: Assaf Gordon
Subject: Re: bug#30683: [PATCH] build: add a configure flag to force --sandbox
Cc: 30683@debbugs.gnu.org

On 02 Mar 2018 16:07, Assaf Gordon wrote:
> tag 30683 notabug
> close 30683
> stop
>
> Hello Mike,
>
> On Fri, Mar 02, 2018 at 05:28:15PM -0500, Mike Frysinger wrote:
> > * configure.ac: Add --enable-forced-sandbox option, and define
> > ENABLE_FORCED_SANDBOX when enabled.
>
> Conceptually I like your idea (since I've added the original
> --sandbox option to both gnu sed and gawk).
>
> However,
> Adding such "--enable" options to "./configure" goes against the gnu coding standards,
> which say:
>
>     No ‘--enable’ option should ever cause one feature to replace another.
>     No ‘--enable’ option should ever substitute one useful behavior for
>     another useful behavior. The only proper use for ‘--enable’ is for
>     questions of whether to build part of the program or exclude it.
>     (source: https://www.gnu.org/prep/standards/html_node/Configuration.html)

frankly, i consider this a bikeshed aspect, and i have no interest in
debating what would be acceptable. so if you tell me what name you
want, i'll happily adjust the patch/code.
-mike

Date: Fri, 2 Mar 2018 16:44:40 -0700
From: Assaf Gordon
To: Eric Blake
Subject: Re: bug#30683: [PATCH] build: add a configure flag to force --sandbox
Cc: 30683@debbugs.gnu.org, Mike Frysinger

Hello Eric, Mike,

(replying to both recent messages)

On Fri, Mar 02, 2018 at 05:20:07PM -0600, Eric Blake wrote:
> On 03/02/2018 05:07 PM, Assaf Gordon wrote:
>
> >Adding such "--enable" options to "./configure" goes against the gnu coding standards,
>
> Would a different spelling, such as '--with-forced-sandbox-default=on/off'
> be better?

On Fri, Mar 2, 2018 at 4:27 PM, Mike Frysinger wrote:
> [...] so if you tell me what name you
> want, i'll happily adjust the patch/code.

I generally do not object to this feature (regardless of the name).

However when I previously suggested something similar for coreutils [1]
(a ./configure flag to change the default 'ls' quoting style),
it was explained that such things should be avoided [2].

[1] https://lists.gnu.org/archive/html/bug-coreutils/2016-02/msg00057.html
[2] https://lists.gnu.org/archive/html/bug-coreutils/2016-02/msg00058.html

Perhaps there's no issue in adding it to sed - in which case I'm happy to commit it.

Jim - what do you think?

regards,
 - assaf

From: Jim Meyering
Date: Fri, 2 Mar 2018 17:34:18 -0800
Subject: Re: bug#30683: [PATCH] build: add a configure flag to force --sandbox
To: Assaf Gordon
Cc: Mike Frysinger, 30683@debbugs.gnu.org, Eric Blake

On Fri, Mar 2, 2018 at 3:44 PM, Assaf Gordon wrote:
> Hello Eric, Mike,
>
> (replying to both recent messages)
>
> On Fri, Mar 02, 2018 at 05:20:07PM -0600, Eric Blake wrote:
>> On 03/02/2018 05:07 PM, Assaf Gordon wrote:
>>
>> >Adding such "--enable" options to "./configure" goes against the gnu coding standards,
>>
>> Would a different spelling, such as '--with-forced-sandbox-default=on/off'
>> be better?
>
> On Fri, Mar 2, 2018 at 4:27 PM, Mike Frysinger wrote:
>> [...] so if you tell me what name you
>> want, i'll happily adjust the patch/code.
>
> I generally do not object to this feature (regardless of the name).
>
> However when I previously suggested something similar for coreutils [1]
> (a ./configure flag to change the default 'ls' quoting style),
> it was explained that such things should be avoided [2].
>
> [1] https://lists.gnu.org/archive/html/bug-coreutils/2016-02/msg00057.html
> [2] https://lists.gnu.org/archive/html/bug-coreutils/2016-02/msg00058.html
>
> Perhaps there's no issue in adding it to sed - in which case I'm happy to commit it.
>
> Jim - what do you think?

Hi Assaf,
I think you made the right call by declining this change. The trouble
with any such configure-time option is that then any script that
requires a legitimate use of those sed commands would fail.

Mike, it sounds like you want an environment in which every sed use
would resolve to a specially-built sed binary. Given that you can do
that, can't you interpose a wrapper that invokes the real sed with
--sandbox?

Date: Sun, 4 Mar 2018 01:19:20 -0500
From: Mike Frysinger
To: Jim Meyering
Subject: Re: bug#30683: [PATCH] build: add a configure flag to force --sandbox
Cc: 30683@debbugs.gnu.org, Assaf Gordon, Eric Blake

On 02 Mar 2018 17:34, Jim Meyering wrote:
> On Fri, Mar 2, 2018 at 3:44 PM, Assaf Gordon wrote:
> > Hello Eric, Mike,
> >
> > (replying to both recent messages)
> >
> > On Fri, Mar 02, 2018 at 05:20:07PM -0600, Eric Blake wrote:
> >> On 03/02/2018 05:07 PM, Assaf Gordon wrote:
> >>
> >> >Adding such "--enable" options to "./configure" goes against the gnu coding standards,
> >>
> >> Would a different spelling, such as '--with-forced-sandbox-default=on/off'
> >> be better?
> >
> > On Fri, Mar 2, 2018 at 4:27 PM, Mike Frysinger wrote:
> >> [...] so if you tell me what name you
> >> want, i'll happily adjust the patch/code.
> >
> > I generally do not object to this feature (regardless of the name).
> >
> > However when I previously suggested something similar for coreutils [1]
> > (a ./configure flag to change the default 'ls' quoting style),
> > it was explained that such things should be avoided [2].
> >
> > [1] https://lists.gnu.org/archive/html/bug-coreutils/2016-02/msg00057.html
> > [2] https://lists.gnu.org/archive/html/bug-coreutils/2016-02/msg00058.html
> >
> > Perhaps there's no issue in adding it to sed - in which case I'm happy to commit it.
> >
> > Jim - what do you think?
>
> I think you made the right call by declining this change. The trouble
> with any such configure-time option is that then any script that
> requires a legitimate use of those sed commands would fail.

those scripts should fail on these systems

> Mike, it sounds like you want an environment in which every sed use
> would resolve to a specially-built sed binary. Given that you can do
> that, can't you interpose a wrapper that invokes the real sed with
> --sandbox?

that would add useless (to me) overhead on the system and simultaneously
not [satisfactorily] resolve the issue. we want to kill all such escapes
on the system.

what about a configure option to disable these commands entirely at compile
time ?

i don't really understand the argument of "adding a wrapper `sed` that adds
--sandbox all the time is OK, but changing `sed` to always use --sandbox is
not OK". how is this any different to "legitimate" scripts ?
-mike

From: Jim Meyering
Date: Sun, 4 Mar 2018 11:21:51 -0800
Subject: Re: bug#30683: [PATCH] build: add a configure flag to force --sandbox
To: Jim Meyering, Assaf Gordon, Eric Blake, 30683@debbugs.gnu.org

On Sat, Mar 3, 2018 at 10:19 PM, Mike Frysinger wrote:
> On 02 Mar 2018 17:34, Jim Meyering wrote:
>> On Fri, Mar 2, 2018 at 3:44 PM, Assaf Gordon wrote:
>> > Hello Eric, Mike,
>> >
>> > (replying to both recent messages)
>> >
>> > On Fri, Mar 02, 2018 at 05:20:07PM -0600, Eric Blake wrote:
>> >> On 03/02/2018 05:07 PM, Assaf Gordon wrote:
>> >>
>> >> >Adding such "--enable" options to "./configure" goes against the gnu coding standards,
>> >>
>> >> Would a different spelling, such as '--with-forced-sandbox-default=on/off'
>> >> be better?
>> >
>> > On Fri, Mar 2, 2018 at 4:27 PM, Mike Frysinger wrote:
>> >> [...] so if you tell me what name you
>> >> want, i'll happily adjust the patch/code.
>> >
>> > I generally do not object to this feature (regardless of the name).
>> >
>> > However when I previously suggested something similar for coreutils [1]
>> > (a ./configure flag to change the default 'ls' quoting style),
>> > it was explained that such things should be avoided [2].
>> >
>> > [1] https://lists.gnu.org/archive/html/bug-coreutils/2016-02/msg00057.html
>> > [2] https://lists.gnu.org/archive/html/bug-coreutils/2016-02/msg00058.html
>> >
>> > Perhaps there's no issue in adding it to sed - in which case I'm happy to commit it.
>> >
>> > Jim - what do you think?
>>
>> I think you made the right call by declining this change. The trouble
>> with any such configure-time option is that then any script that
>> requires a legitimate use of those sed commands would fail.
>
> those scripts should fail on these systems

Maybe it would help to explain what your intended use case is.
I.e., why do you want this?
Do you want to do something similar for perl, awk, python, etc?

>> Mike, it sounds like you want an environment in which every sed use
>> would resolve to a specially-built sed binary. Given that you can do
>> that, can't you interpose a wrapper that invokes the real sed with
>> --sandbox?
>
> that would add useless (to me) overhead on the system and simultaneously
> not [satisfactorily] resolve the issue. we want to kill all such escapes
> on the system.

Sure, there would be overhead for the interpreter and interposed
"exec". Other than that, what is not satisfactory?

> what about a configure option to disable these commands entirely at compile
> time ?

That runs afoul of the same guideline: it changes the language that sed accepts.

> i don't really understand the argument of "adding a wrapper `sed` that adds
> --sandbox all the time is OK, but changing `sed` to always use --sandbox is
> not OK". how is this any different to "legitimate" scripts ?

Currently, any GNU sed binary can be expected to provide certain
fundamental features. If we provide the suggested configure option,
that implies that robust scripts may want to (or have to) detect the
new variant and do something differently when it is found. But this is
just the first such option. If we make it easy to add a second such
configure-time option, there would then be four possible variants.
Clearly that would not scale.

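The wrapper approach discussed in the message above, as an added example that is not part of the thread or of sed's own code: it interposes a `sed` script ahead of the real binary on PATH and checks which commands `--sandbox` refuses. It assumes GNU sed 4.3 or later is installed; the function names and directory layout are constructed for illustration.

```shell
# Added example (not from the thread): make "sed" found via PATH always run
# the real GNU sed with --sandbox, then check what the sandbox refuses.
# Assumptions: GNU sed 4.3 or later is installed; all names here are constructed.

REAL_SED=$(command -v sed)   # resolve the real binary before interposing

# make_wrapper DIR: create DIR/sed, a script that execs the real sed with --sandbox.
make_wrapper() {
    mkdir -p "$1" || return 1
    printf '#!/bin/sh\nexec "%s" --sandbox "$@"\n' "$REAL_SED" > "$1/sed" || return 1
    chmod 755 "$1/sed"
}

# run_wrapped DIR SCRIPT: feed one line to "sed SCRIPT" with DIR first on PATH.
# Prints sed's stdout and returns sed's exit status.
run_wrapped() {
    printf 'hello\n' | ( PATH="$1:$PATH"; export PATH; sed "$2" 2>/dev/null )
}

# sandbox_enforced DIR SCRATCH: succeed only if ordinary editing still works and
# the e (execute), w (write file) and r (read file) commands are all refused.
sandbox_enforced() {
    [ "$(run_wrapped "$1" 's/hello/bye/')" = "bye" ] || return 1
    run_wrapped "$1" '1e echo executed' >/dev/null && return 1
    run_wrapped "$1" "w $2/out" >/dev/null && return 1
    [ -e "$2/out" ] && return 1      # the refused w command must not create the file
    run_wrapped "$1" "r $2/in" >/dev/null && return 1
    return 0
}
```

The wrapper only covers callers that find sed through PATH; a script that names the real binary by absolute path is unaffected.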
From: Debbugs Internal Request
Subject: Internal Control
Date: Mon, 02 Apr 2018 11:24:05 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator