Re: (tye)Re: Security concern with sudo and system()

Well, other OS's don't have a /bin/sh, or a /bin/ for that matter. I thought the ENV variable was standard now, but looking at the source it seems that each platform has its own logic to find/use the shell.

Under Win32, it's:

static void
get_shell(void)
{
    dTHXo;
    if (!w32_perlshell_tokens) {
    /* we don't use COMSPEC here for two reasons:
     *  1. the same reason perl on UNIX doesn't use SHELL--rampant and
     *     uncontrolled unportability of the ensuing scripts.
     *  2. PERL5SHELL could be set to a shell that may not be fit for
     *     interactive use (which is what most programs look in COMSPE
+C
     *     for).
     */
    const char* defaultshell = (IsWinNT()
                    ? "cmd.exe /x/c" : "command.com /c");
    const char *usershell = PerlEnv_getenv("PERL5SHELL");
    w32_perlshell_items = tokenize(usershell ? usershell : defaultshel
+l,
                       &w32_perlshell_tokens,
                       &w32_perlshell_vec);
    }
}
[download]

This could certainly work for all platforms. But a quick search indicates:

On vos it's not supported.
On vms, it calls lib$spawn, whatever that means (is $ a letter on that platform's C compiler, or a scope resolution of some kind?
on VM/ESA it calls /bin/sh -c.
On OS/2, this comment: "Consensus on perl5-porters is that it is _very_ important to have a shell which will not change between computers with the same architecture, to avoid "action on a distance". And to have simple build, this shell should be sh"
However, it can be compiled to try looking at environment variables EMXSHELL, SHELL, COMSPEC in that order (or CMD.EXE if none of those are found), and applying the /C switch to whatever it finds; or using the contents of a variable called PL_sh_path and the -c switch. That variable is listed in a few non-OS-specific files, so it looks like this is what it is supposed to look at in all builds. That is, the configuration in embedvar or perlapi can configure the shell, without editing the deep guts.
Hmm, in other places it looks like the variable PL_sh_path contains only the directory of the shell, not the name itself, in other uses. But this OS/2 support module treats it in the same way whether it uses CMD.EXE or the contents of PL_sh_path, so it expects to find a complete executable file name there. Is this a bug?
Epoc seems to use a C++ API to the OS, with a member function RProcess::Create doing the work.
In another place, PL_sh_path is traced back to a member of Interpreter which does indeed have a complete command name. So the use is inconsistant in different builds. In VOS, it is "/system/ported/command_library/bash.pm"

So, it's a real mess. Besides different specific logic for each OS or variation, there are lots of wrapping macros and levels of indirection just to make things more confusing, and inconsistant use of common code.

—John

Comment on Re: (tye)Re: Security concern with sudo and system() Download Code