diff options
| author | Arnold D. Robbins <arnold@skeeve.com> | 2019-05-06 21:28:26 +0300 |
|---|---|---|
| committer | Arnold D. Robbins <arnold@skeeve.com> | 2019-05-06 21:28:26 +0300 |
| commit | 98c0e68100e8d41dee98750cc36b53dcf5ba76aa (patch) | |
| tree | b9e4b0ba83fe56b6131163ce478062e0d9e8c45e | |
| parent | 779ba383895f791a8437ecbcb602c8c633e12fc1 (diff) | |
| download | egawk-98c0e68100e8d41dee98750cc36b53dcf5ba76aa.tar.gz egawk-98c0e68100e8d41dee98750cc36b53dcf5ba76aa.tar.bz2 egawk-98c0e68100e8d41dee98750cc36b53dcf5ba76aa.zip | |
Improve sandbox mode.
| -rw-r--r-- | ChangeLog | 13 | ||||
| -rw-r--r-- | awk.h | 1 | ||||
| -rw-r--r-- | cint_array.c | 83 | ||||
| -rw-r--r-- | doc/ChangeLog | 2 | ||||
| -rw-r--r-- | doc/gawk.info | 1144 | ||||
| -rw-r--r-- | doc/gawk.texi | 5 | ||||
| -rw-r--r-- | doc/gawktexi.in | 5 | ||||
| -rw-r--r-- | main.c | 18 | ||||
| -rw-r--r-- | test/ChangeLog | 9 | ||||
| -rwxr-xr-x | test/Gentests | 11 | ||||
| -rw-r--r-- | test/Makefile.am | 8 | ||||
| -rw-r--r-- | test/Makefile.in | 13 | ||||
| -rw-r--r-- | test/Maketests | 5 | ||||
| -rw-r--r-- | test/sandbox1.awk | 7 | ||||
| -rw-r--r-- | test/sandbox1.ok | 2 |
15 files changed, 750 insertions, 576 deletions
@@ -1,3 +1,16 @@ +2019-05-06 Arnold D. Robbins <arnold@skeeve.com> + + In sandbox mode, disallow assigning filenames that weren't + there initially. Thanks to Nolan Woods <nolan_w@sfu.ca> for + pointing out the gap. + + * awk.h (init_argv_array): Add declaration. + * cint_array.c (argv_store): New vtable for ARGV. + (argv_shadow_array): New file static variable + (argv_store, init_argv_array): New functions. + * main.c (init_args): If in sandbox mode, build shadow array of + initial argv values. Call init_argv_array. + 2019-05-05 Arnold D. Robbins <arnold@skeeve.com> * ext.c (load_ext): Fix the message in the version for when @@ -1402,6 +1402,7 @@ extern NODE *do_asort(int nargs); extern NODE *do_asorti(int nargs); extern unsigned long (*hash)(const char *s, size_t len, unsigned long hsize, size_t *code); extern void init_env_array(NODE *env_node); +extern void init_argv_array(NODE *argv_node, NODE *shadow_node); /* awkgram.c */ extern NODE *variable(int location, char *name, NODETYPE type); extern int parse_program(INSTRUCTION **pcode, bool from_eval); diff --git a/cint_array.c b/cint_array.c index 08815e4e..417f27d5 100644 --- a/cint_array.c +++ b/cint_array.c @@ -73,6 +73,24 @@ const array_funcs_t cint_array_func = { (afunc_t) 0, }; + +static NODE **argv_store(NODE *symbol, NODE *subs); + +/* special case for ARGV in sandbox mode */ +const array_funcs_t argv_array_func = { + "argv", + cint_array_init, + is_uinteger, + cint_lookup, + cint_exists, + cint_clear, + cint_remove, + cint_list, + cint_copy, + cint_dump, + argv_store, +}; + static inline int cint_hash(long k); static inline NODE **cint_find(NODE *symbol, long k, int h1); @@ -1230,3 +1248,68 @@ leaf_print(NODE *array, size_t bi, int indent_level) (unsigned long) array->table_size); } #endif + +static NODE *argv_shadow_array = NULL; + +/* argv_store --- post assign function for ARGV in sandbox mode */ + +static NODE ** +argv_store(NODE *symbol, NODE *subs) +{ + NODE **val = cint_exists(symbol, subs); + NODE *newval = *val; + char *cp; + + if (newval->stlen == 0) // empty strings in ARGV are OK + return val; + + if ((cp = strchr(newval->stptr, '=')) == NULL) { + if (! in_array(argv_shadow_array, newval)) + fatal(_("cannot add a new file (%.*s) to ARGV in sandbox mode"), + (int) newval->stlen, newval->stptr); + } else { + // check if it's a valid variable assignment + bool badvar = false; + char *arg = newval->stptr; + char *cp2; + + *cp = '\0'; // temporarily + + if (! is_letter((unsigned char) arg[0])) + badvar = true; + else + for (cp2 = arg+1; *cp2; cp2++) + if (! is_identchar((unsigned char) *cp2) && *cp2 != ':') { + badvar = true; + break; + } + + // further checks + if (! badvar) { + char *cp = strchr(arg, ':'); + if (cp && (cp[1] != ':' || strchr(cp + 2, ':') != NULL)) + badvar = true; + } + *cp = '='; // restore the '=' + + if (badvar && ! in_array(argv_shadow_array, newval)) + fatal(_("cannot add a new file (%.*s) to ARGV in sandbox mode"), + (int) newval->stlen, newval->stptr); + + // otherwise, badvar is false, let it through as variable assignment + } + return val; +} + +/* init_argv_array --- set up the pointers for ARGV in sandbox mode. A bit hacky. */ + +void +init_argv_array(NODE *argv_node, NODE *shadow_node) +{ + /* If POSIX simply don't reset the vtable and things work as before */ + if (! do_sandbox) + return; + + argv_node->array_funcs = & argv_array_func; + argv_shadow_array = shadow_node; +} diff --git a/doc/ChangeLog b/doc/ChangeLog index 962656fb..6220648d 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -2,6 +2,8 @@ * gawktexi.in: Fix some typos. Thanks to Mark Krauze <daburashka@ya.ru>, for pointing them out. + (Options): Document new feature in --sandbox, that you can't + add files that weren't there to start with. 2019-05-05 Arnold D. Robbins <arnold@skeeve.com> diff --git a/doc/gawk.info b/doc/gawk.info index a657dfcd..d68921c0 100644 --- a/doc/gawk.info +++ b/doc/gawk.info @@ -2784,10 +2784,11 @@ The following list describes options mandated by the POSIX standard: '--sandbox' Disable the 'system()' function, input redirections with 'getline', output redirections with 'print' and 'printf', and dynamic - extensions. This is particularly useful when you want to run 'awk' - scripts from questionable sources and need to make sure the scripts - can't access your system (other than the specified input data - file). + extensions. Also, disallow adding filenames to 'ARGV' that were + not there when 'gawk' started running. This is particularly useful + when you want to run 'awk' scripts from questionable sources and + need to make sure the scripts can't access your system (other than + the specified input data file). '-t' '--lint-old' @@ -29248,8 +29249,8 @@ Info file, in approximate chronological order: * Anders Wallin helped keep the VMS port going for several years. - * Assaf Gordon contributed the code to implement the '--sandbox' - option. + * Assaf Gordon contributed the initial code to implement the + '--sandbox' option. * John Haque made the following contributions: @@ -33685,7 +33686,7 @@ Index * --include option: Options. (line 181) * --lint option: Command Line. (line 20) * --lint option <1>: Options. (line 210) -* --lint-old option: Options. (line 324) +* --lint-old option: Options. (line 325) * --load option: Options. (line 198) * --no-optimize option: Options. (line 310) * --non-decimal-data option: Options. (line 235) @@ -33709,7 +33710,7 @@ Index * --traditional option: Options. (line 86) * --traditional option, --posix option and: Options. (line 297) * --use-lc-numeric option: Options. (line 244) -* --version option: Options. (line 329) +* --version option: Options. (line 330) * -b option: Options. (line 73) * -c option: Options. (line 86) * -C option: Options. (line 93) @@ -33717,20 +33718,20 @@ Index * -D option: Options. (line 112) * -e option: Options. (line 121) * -E option: Options. (line 147) -* -e option <1>: Options. (line 365) +* -e option <1>: Options. (line 366) * -f option: Long. (line 12) * -F option: Options. (line 21) * -f option <1>: Options. (line 25) -* -F option, -Ft sets FS to TAB: Options. (line 337) +* -F option, -Ft sets FS to TAB: Options. (line 338) * -F option, command-line: Command Line Field Separator. (line 6) -* -f option, multiple uses: Options. (line 342) +* -f option, multiple uses: Options. (line 343) * -g option: Options. (line 169) * -h option: Options. (line 176) * -i option: Options. (line 181) * -l option: Options. (line 198) * -l option <1>: Options. (line 210) -* -L option: Options. (line 324) +* -L option: Options. (line 325) * -M option: Options. (line 229) * -n option: Options. (line 235) * -N option: Options. (line 244) @@ -33742,7 +33743,7 @@ Index * -s option: Options. (line 310) * -S option: Options. (line 315) * -v option: Options. (line 36) -* -V option: Options. (line 329) +* -V option: Options. (line 330) * -v option <1>: Assignment Options. (line 12) * -W option: Options. (line 51) * . (period), regexp operator: Regexp Operator Details. @@ -33971,6 +33972,7 @@ Index * arguments, command-line, invoking awk: Command Line. (line 6) * arguments, in function calls: Function Calls. (line 18) * arguments, processing: Getopt Function. (line 6) +* ARGV array: Options. (line 315) * ARGV array, indexing into: Other Arguments. (line 15) * arithmetic operators: Arithmetic Ops. (line 6) * array manipulation in extensions: Array Manipulation. (line 6) @@ -34491,7 +34493,7 @@ Index * cosine: Numeric Functions. (line 16) * counting: Wc Program. (line 6) * csh utility: Statements/Lines. (line 43) -* csh utility, POSIXLY_CORRECT environment variable: Options. (line 386) +* csh utility, POSIXLY_CORRECT environment variable: Options. (line 387) * csh utility, |& operator, comparison with: Two-way I/O. (line 27) * ctime() user-defined function: Function Example. (line 74) * Curreli, Marco: Contributors. (line 147) @@ -35339,7 +35341,7 @@ Index * gawk, TEXTDOMAIN variable in: User-modified. (line 155) * gawk, timestamps: Time Functions. (line 6) * gawk, uses for: Preface. (line 34) -* gawk, versions of, information about, printing: Options. (line 329) +* gawk, versions of, information about, printing: Options. (line 330) * gawk, VMS version of: VMS Installation. (line 6) * gawk, word-boundary operator: GNU Regexp Operators. (line 66) @@ -35673,7 +35675,7 @@ Index * lint checking, empty programs: Command Line. (line 16) * lint checking, issuing warnings: Options. (line 210) * lint checking, POSIXLY_CORRECT environment variable: Options. - (line 371) + (line 372) * lint checking, undefined functions: Function Caveats. (line 23) * LINT variable: User-modified. (line 90) * Linux: Manual History. (line 28) @@ -36035,7 +36037,7 @@ Index * portability, NF variable, decrementing: Changing Fields. (line 115) * portability, operators: Increment Ops. (line 60) * portability, operators, not in POSIX awk: Precedence. (line 97) -* portability, POSIXLY_CORRECT environment variable: Options. (line 391) +* portability, POSIXLY_CORRECT environment variable: Options. (line 392) * portability, substr() function: String Functions. (line 518) * portable object files: Explaining gettext. (line 37) * portable object files <1>: Translator i18n. (line 6) @@ -36087,11 +36089,11 @@ Index * POSIX awk, timestamps and: Time Functions. (line 6) * POSIX awk, | I/O operator and: Getline/Pipe. (line 56) * POSIX mode: Options. (line 282) -* POSIX mode <1>: Options. (line 371) +* POSIX mode <1>: Options. (line 372) * POSIX, awk and: Preface. (line 21) * POSIX, gawk extensions not included in: POSIX/GNU. (line 6) * POSIX, programs, implementing in awk: Clones. (line 6) -* POSIXLY_CORRECT environment variable: Options. (line 371) +* POSIXLY_CORRECT environment variable: Options. (line 372) * PREC variable: User-modified. (line 127) * precedence: Increment Ops. (line 60) * precedence <1>: Precedence. (line 6) @@ -36936,557 +36938,557 @@ Node: Intro Summary116293 Node: Invoking Gawk117177 Node: Command Line118691 Node: Options119489 -Ref: Options-Footnote-1136754 -Ref: Options-Footnote-2136985 -Node: Other Arguments137010 -Node: Naming Standard Input139957 -Node: Environment Variables141167 -Node: AWKPATH Variable141725 -Ref: AWKPATH Variable-Footnote-1145137 -Ref: AWKPATH Variable-Footnote-2145171 -Node: AWKLIBPATH Variable145432 -Node: Other Environment Variables147090 -Node: Exit Status150911 -Node: Include Files151588 -Node: Loading Shared Libraries155278 -Node: Obsolete156706 -Node: Undocumented157398 -Node: Invoking Summary157695 -Node: Regexp159355 -Node: Regexp Usage160809 -Node: Escape Sequences162846 -Node: Regexp Operators169078 -Node: Regexp Operator Details169563 -Ref: Regexp Operator Details-Footnote-1175685 -Node: Interval Expressions175832 -Ref: Interval Expressions-Footnote-1177267 -Node: Bracket Expressions177365 -Ref: table-char-classes179841 -Node: Leftmost Longest183167 -Node: Computed Regexps184470 -Node: GNU Regexp Operators187897 -Node: Case-sensitivity191576 -Ref: Case-sensitivity-Footnote-1194442 -Ref: Case-sensitivity-Footnote-2194677 -Node: Regexp Summary194785 -Node: Reading Files196251 -Node: Records198520 -Node: awk split records199595 -Node: gawk split records204870 -Ref: gawk split records-Footnote-1209456 -Node: Fields209493 -Node: Nonconstant Fields212234 -Ref: Nonconstant Fields-Footnote-1214470 -Node: Changing Fields214674 -Node: Field Separators220705 -Node: Default Field Splitting223403 -Node: Regexp Field Splitting224521 -Node: Single Character Fields227874 -Node: Command Line Field Separator228934 -Node: Full Line Fields232152 -Ref: Full Line Fields-Footnote-1233674 -Ref: Full Line Fields-Footnote-2233720 -Node: Field Splitting Summary233821 -Node: Constant Size235895 -Node: Fixed width data236627 -Node: Skipping intervening240094 -Node: Allowing trailing data240892 -Node: Fields with fixed data241929 -Node: Splitting By Content243447 -Ref: Splitting By Content-Footnote-1247097 -Node: Testing field creation247260 -Node: Multiple Line248885 -Node: Getline255162 -Node: Plain Getline257631 -Node: Getline/Variable260272 -Node: Getline/File261423 -Node: Getline/Variable/File262811 -Ref: Getline/Variable/File-Footnote-1264416 -Node: Getline/Pipe264504 -Node: Getline/Variable/Pipe267211 -Node: Getline/Coprocess268346 -Node: Getline/Variable/Coprocess269613 -Node: Getline Notes270355 -Node: Getline Summary273152 -Ref: table-getline-variants273576 -Node: Read Timeout274324 -Ref: Read Timeout-Footnote-1278230 -Node: Retrying Input278288 -Node: Command-line directories279487 -Node: Input Summary280393 -Node: Input Exercises283565 -Node: Printing284293 -Node: Print286127 -Node: Print Examples287584 -Node: Output Separators290364 -Node: OFMT292381 -Node: Printf293737 -Node: Basic Printf294522 -Node: Control Letters296096 -Node: Format Modifiers301260 -Node: Printf Examples307275 -Node: Redirection309761 -Node: Special FD316602 -Ref: Special FD-Footnote-1319770 -Node: Special Files319844 -Node: Other Inherited Files320461 -Node: Special Network321462 -Node: Special Caveats322322 -Node: Close Files And Pipes323271 -Ref: table-close-pipe-return-values330178 -Ref: Close Files And Pipes-Footnote-1330991 -Ref: Close Files And Pipes-Footnote-2331139 -Node: Nonfatal331291 -Node: Output Summary333629 -Node: Output Exercises334851 -Node: Expressions335530 -Node: Values336718 -Node: Constants337396 -Node: Scalar Constants338087 -Ref: Scalar Constants-Footnote-1340611 -Node: Nondecimal-numbers340861 -Node: Regexp Constants343862 -Node: Using Constant Regexps344388 -Node: Standard Regexp Constants345010 -Node: Strong Regexp Constants348198 -Node: Variables351156 -Node: Using Variables351813 -Node: Assignment Options353723 -Node: Conversion356190 -Node: Strings And Numbers356714 -Ref: Strings And Numbers-Footnote-1359777 -Node: Locale influences conversions359886 -Ref: table-locale-affects362644 -Node: All Operators363262 -Node: Arithmetic Ops363891 -Node: Concatenation366397 -Ref: Concatenation-Footnote-1369244 -Node: Assignment Ops369351 -Ref: table-assign-ops374342 -Node: Increment Ops375655 -Node: Truth Values and Conditions379115 -Node: Truth Values380189 -Node: Typing and Comparison381237 -Node: Variable Typing382057 -Ref: Variable Typing-Footnote-1388520 -Ref: Variable Typing-Footnote-2388592 -Node: Comparison Operators388669 -Ref: table-relational-ops389088 -Node: POSIX String Comparison392583 -Ref: POSIX String Comparison-Footnote-1394278 -Ref: POSIX String Comparison-Footnote-2394417 -Node: Boolean Ops394501 -Ref: Boolean Ops-Footnote-1398983 -Node: Conditional Exp399075 -Node: Function Calls400811 -Node: Precedence404688 -Node: Locales408347 -Node: Expressions Summary409979 -Node: Patterns and Actions412552 -Node: Pattern Overview413672 -Node: Regexp Patterns415349 -Node: Expression Patterns415891 -Node: Ranges419672 -Node: BEGIN/END422780 -Node: Using BEGIN/END423541 -Ref: Using BEGIN/END-Footnote-1426277 -Node: I/O And BEGIN/END426383 -Node: BEGINFILE/ENDFILE428697 -Node: Empty431610 -Node: Using Shell Variables431927 -Node: Action Overview434201 -Node: Statements436526 -Node: If Statement438374 -Node: While Statement439869 -Node: Do Statement441897 -Node: For Statement443045 -Node: Switch Statement446216 -Node: Break Statement448602 -Node: Continue Statement450694 -Node: Next Statement452521 -Node: Nextfile Statement454904 -Node: Exit Statement457556 -Node: Built-in Variables459959 -Node: User-modified461092 -Node: Auto-set468859 -Ref: Auto-set-Footnote-1485666 -Ref: Auto-set-Footnote-2485872 -Node: ARGC and ARGV485928 -Node: Pattern Action Summary490141 -Node: Arrays492571 -Node: Array Basics493900 -Node: Array Intro494744 -Ref: figure-array-elements496719 -Ref: Array Intro-Footnote-1499423 -Node: Reference to Elements499551 -Node: Assigning Elements502015 -Node: Array Example502506 -Node: Scanning an Array504265 -Node: Controlling Scanning507287 -Ref: Controlling Scanning-Footnote-1512686 -Node: Numeric Array Subscripts513002 -Node: Uninitialized Subscripts515186 -Node: Delete516805 -Ref: Delete-Footnote-1519557 -Node: Multidimensional519614 -Node: Multiscanning522709 -Node: Arrays of Arrays524300 -Node: Arrays Summary529068 -Node: Functions531161 -Node: Built-in532199 -Node: Calling Built-in533280 -Node: Numeric Functions535276 -Ref: Numeric Functions-Footnote-1539304 -Ref: Numeric Functions-Footnote-2539952 -Ref: Numeric Functions-Footnote-3540000 -Node: String Functions540272 -Ref: String Functions-Footnote-1564130 -Ref: String Functions-Footnote-2564258 -Ref: String Functions-Footnote-3564506 -Node: Gory Details564593 -Ref: table-sub-escapes566384 -Ref: table-sub-proposed567903 -Ref: table-posix-sub569266 -Ref: table-gensub-escapes570807 -Ref: Gory Details-Footnote-1571630 -Node: I/O Functions571784 -Ref: table-system-return-values578252 -Ref: I/O Functions-Footnote-1580332 -Ref: I/O Functions-Footnote-2580480 -Node: Time Functions580600 -Ref: Time Functions-Footnote-1591271 -Ref: Time Functions-Footnote-2591339 -Ref: Time Functions-Footnote-3591497 -Ref: Time Functions-Footnote-4591608 -Ref: Time Functions-Footnote-5591720 -Ref: Time Functions-Footnote-6591947 -Node: Bitwise Functions592213 -Ref: table-bitwise-ops592807 -Ref: Bitwise Functions-Footnote-1598870 -Ref: Bitwise Functions-Footnote-2599043 -Node: Type Functions599234 -Node: I18N Functions601985 -Node: User-defined603636 -Node: Definition Syntax604448 -Ref: Definition Syntax-Footnote-1610135 -Node: Function Example610206 -Ref: Function Example-Footnote-1613128 -Node: Function Calling613150 -Node: Calling A Function613738 -Node: Variable Scope614696 -Node: Pass By Value/Reference617690 -Node: Function Caveats620334 -Ref: Function Caveats-Footnote-1622381 -Node: Return Statement622501 -Node: Dynamic Typing625480 -Node: Indirect Calls626410 -Ref: Indirect Calls-Footnote-1636662 -Node: Functions Summary636790 -Node: Library Functions639495 -Ref: Library Functions-Footnote-1643102 -Ref: Library Functions-Footnote-2643245 -Node: Library Names643416 -Ref: Library Names-Footnote-1647083 -Ref: Library Names-Footnote-2647306 -Node: General Functions647392 -Node: Strtonum Function648495 -Node: Assert Function651517 -Node: Round Function654843 -Node: Cliff Random Function656383 -Node: Ordinal Functions657399 -Ref: Ordinal Functions-Footnote-1660462 -Ref: Ordinal Functions-Footnote-2660714 -Node: Join Function660924 -Ref: Join Function-Footnote-1662694 -Node: Getlocaltime Function662894 -Node: Readfile Function666636 -Node: Shell Quoting668613 -Node: Data File Management670014 -Node: Filetrans Function670646 -Node: Rewind Function674742 -Node: File Checking676651 -Ref: File Checking-Footnote-1677985 -Node: Empty Files678186 -Node: Ignoring Assigns680165 -Node: Getopt Function681715 -Ref: Getopt Function-Footnote-1693184 -Node: Passwd Functions693384 -Ref: Passwd Functions-Footnote-1702223 -Node: Group Functions702311 -Ref: Group Functions-Footnote-1710209 -Node: Walking Arrays710416 -Node: Library Functions Summary713424 -Node: Library Exercises714830 -Node: Sample Programs715295 -Node: Running Examples716065 -Node: Clones716793 -Node: Cut Program718017 -Node: Egrep Program727946 -Ref: Egrep Program-Footnote-1735458 -Node: Id Program735568 -Node: Split Program739248 -Ref: Split Program-Footnote-1742706 -Node: Tee Program742835 -Node: Uniq Program745625 -Node: Wc Program753246 -Ref: Wc Program-Footnote-1757501 -Node: Miscellaneous Programs757595 -Node: Dupword Program758808 -Node: Alarm Program760838 -Node: Translate Program765693 -Ref: Translate Program-Footnote-1770258 -Node: Labels Program770528 -Ref: Labels Program-Footnote-1773879 -Node: Word Sorting773963 -Node: History Sorting778035 -Node: Extract Program779870 -Node: Simple Sed787924 -Node: Igawk Program790998 -Ref: Igawk Program-Footnote-1805329 -Ref: Igawk Program-Footnote-2805531 -Ref: Igawk Program-Footnote-3805653 -Node: Anagram Program805768 -Node: Signature Program808830 -Node: Programs Summary810077 -Node: Programs Exercises811291 -Ref: Programs Exercises-Footnote-1815420 -Node: Advanced Features815511 -Node: Nondecimal Data817501 -Node: Array Sorting819092 -Node: Controlling Array Traversal819792 -Ref: Controlling Array Traversal-Footnote-1828160 -Node: Array Sorting Functions828278 -Ref: Array Sorting Functions-Footnote-1833369 -Node: Two-way I/O833565 -Ref: Two-way I/O-Footnote-1841286 -Ref: Two-way I/O-Footnote-2841473 -Node: TCP/IP Networking841555 -Node: Profiling844673 -Node: Advanced Features Summary853688 -Node: Internationalization855532 -Node: I18N and L10N857012 -Node: Explaining gettext857699 -Ref: Explaining gettext-Footnote-1863591 -Ref: Explaining gettext-Footnote-2863776 -Node: Programmer i18n863941 -Ref: Programmer i18n-Footnote-1868890 -Node: Translator i18n868939 -Node: String Extraction869733 -Ref: String Extraction-Footnote-1870865 -Node: Printf Ordering870951 -Ref: Printf Ordering-Footnote-1873737 -Node: I18N Portability873801 -Ref: I18N Portability-Footnote-1876257 -Node: I18N Example876320 -Ref: I18N Example-Footnote-1879595 -Ref: I18N Example-Footnote-2879668 -Node: Gawk I18N879777 -Node: I18N Summary880426 -Node: Debugger881767 -Node: Debugging882767 -Node: Debugging Concepts883208 -Node: Debugging Terms885017 -Node: Awk Debugging887592 -Ref: Awk Debugging-Footnote-1888537 -Node: Sample Debugging Session888669 -Node: Debugger Invocation889203 -Node: Finding The Bug890589 -Node: List of Debugger Commands897063 -Node: Breakpoint Control898396 -Node: Debugger Execution Control902090 -Node: Viewing And Changing Data905452 -Node: Execution Stack908993 -Node: Debugger Info910630 -Node: Miscellaneous Debugger Commands914701 -Node: Readline Support919763 -Node: Limitations920659 -Node: Debugging Summary923213 -Node: Namespaces924492 -Node: Global Namespace925571 -Node: Qualified Names926969 -Node: Default Namespace927968 -Node: Changing The Namespace928709 -Node: Naming Rules930323 -Node: Internal Name Management932171 -Node: Namespace Example933213 -Node: Namespace And Features935775 -Node: Namespace Summary937210 -Node: Arbitrary Precision Arithmetic938687 -Node: Computer Arithmetic940174 -Ref: table-numeric-ranges943940 -Ref: table-floating-point-ranges944433 -Ref: Computer Arithmetic-Footnote-1945091 -Node: Math Definitions945148 -Ref: table-ieee-formats948464 -Ref: Math Definitions-Footnote-1949067 -Node: MPFR features949172 -Node: FP Math Caution950890 -Ref: FP Math Caution-Footnote-1951962 -Node: Inexactness of computations952331 -Node: Inexact representation953291 -Node: Comparing FP Values954651 -Node: Errors accumulate955892 -Node: Getting Accuracy957325 -Node: Try To Round960035 -Node: Setting precision960934 -Ref: table-predefined-precision-strings961631 -Node: Setting the rounding mode963461 -Ref: table-gawk-rounding-modes963835 -Ref: Setting the rounding mode-Footnote-1967766 -Node: Arbitrary Precision Integers967945 -Ref: Arbitrary Precision Integers-Footnote-1971120 -Node: Checking for MPFR971269 -Node: POSIX Floating Point Problems972743 -Ref: POSIX Floating Point Problems-Footnote-1977028 -Node: Floating point summary977066 -Node: Dynamic Extensions979256 -Node: Extension Intro980809 -Node: Plugin License982075 -Node: Extension Mechanism Outline982872 -Ref: figure-load-extension983311 -Ref: figure-register-new-function984876 -Ref: figure-call-new-function985968 -Node: Extension API Description988030 -Node: Extension API Functions Introduction989672 -Ref: table-api-std-headers991508 -Node: General Data Types995373 -Ref: General Data Types-Footnote-11003734 -Node: Memory Allocation Functions1004033 -Ref: Memory Allocation Functions-Footnote-11008243 -Node: Constructor Functions1008342 -Node: Registration Functions1011928 -Node: Extension Functions1012613 -Node: Exit Callback Functions1017935 -Node: Extension Version String1019185 -Node: Input Parsers1019848 -Node: Output Wrappers1032569 -Node: Two-way processors1037081 -Node: Printing Messages1039346 -Ref: Printing Messages-Footnote-11040517 -Node: Updating ERRNO1040670 -Node: Requesting Values1041409 -Ref: table-value-types-returned1042146 -Node: Accessing Parameters1043082 -Node: Symbol Table Access1044317 -Node: Symbol table by name1044829 -Ref: Symbol table by name-Footnote-11047853 -Node: Symbol table by cookie1047981 -Ref: Symbol table by cookie-Footnote-11052166 -Node: Cached values1052230 -Ref: Cached values-Footnote-11055766 -Node: Array Manipulation1055919 -Ref: Array Manipulation-Footnote-11057010 -Node: Array Data Types1057047 -Ref: Array Data Types-Footnote-11059705 -Node: Array Functions1059797 -Node: Flattening Arrays1064295 -Node: Creating Arrays1071271 -Node: Redirection API1076038 -Node: Extension API Variables1078871 -Node: Extension Versioning1079582 -Ref: gawk-api-version1080011 -Node: Extension GMP/MPFR Versioning1081742 -Node: Extension API Informational Variables1083370 -Node: Extension API Boilerplate1084443 -Node: Changes from API V11088417 -Node: Finding Extensions1089989 -Node: Extension Example1090548 -Node: Internal File Description1091346 -Node: Internal File Ops1095426 -Ref: Internal File Ops-Footnote-11106776 -Node: Using Internal File Ops1106916 -Ref: Using Internal File Ops-Footnote-11109299 -Node: Extension Samples1109573 -Node: Extension Sample File Functions1111102 -Node: Extension Sample Fnmatch1118751 -Node: Extension Sample Fork1120238 -Node: Extension Sample Inplace1121456 -Node: Extension Sample Ord1124760 -Node: Extension Sample Readdir1125596 -Ref: table-readdir-file-types1126485 -Node: Extension Sample Revout1127290 -Node: Extension Sample Rev2way1127879 -Node: Extension Sample Read write array1128619 -Node: Extension Sample Readfile1130561 -Node: Extension Sample Time1131656 -Node: Extension Sample API Tests1133004 -Node: gawkextlib1133496 -Node: Extension summary1136414 -Node: Extension Exercises1140116 -Node: Language History1141358 -Node: V7/SVR3.11143014 -Node: SVR41145166 -Node: POSIX1146600 -Node: BTL1147980 -Node: POSIX/GNU1148709 -Node: Feature History1154487 -Node: Common Extensions1170533 -Node: Ranges and Locales1171816 -Ref: Ranges and Locales-Footnote-11176432 -Ref: Ranges and Locales-Footnote-21176459 -Ref: Ranges and Locales-Footnote-31176694 -Node: Contributors1176915 -Node: History summary1182860 -Node: Installation1184240 -Node: Gawk Distribution1185184 -Node: Getting1185668 -Node: Extracting1186631 -Node: Distribution contents1188269 -Node: Unix Installation1194749 -Node: Quick Installation1195431 -Node: Shell Startup Files1197845 -Node: Additional Configuration Options1198934 -Node: Configuration Philosophy1201249 -Node: Non-Unix Installation1203618 -Node: PC Installation1204078 -Node: PC Binary Installation1204916 -Node: PC Compiling1205351 -Node: PC Using1206468 -Node: Cygwin1210021 -Node: MSYS1211120 -Node: VMS Installation1211621 -Node: VMS Compilation1212412 -Ref: VMS Compilation-Footnote-11213641 -Node: VMS Dynamic Extensions1213699 -Node: VMS Installation Details1215384 -Node: VMS Running1217637 -Node: VMS GNV1221916 -Node: VMS Old Gawk1222651 -Node: Bugs1223122 -Node: Bug address1223785 -Node: Usenet1226767 -Node: Maintainers1227771 -Node: Other Versions1229032 -Node: Installation summary1236120 -Node: Notes1237322 -Node: Compatibility Mode1238116 -Node: Additions1238898 -Node: Accessing The Source1239823 -Node: Adding Code1241260 -Node: New Ports1247479 -Node: Derived Files1251854 -Ref: Derived Files-Footnote-11257514 -Ref: Derived Files-Footnote-21257549 -Ref: Derived Files-Footnote-31258147 -Node: Future Extensions1258261 -Node: Implementation Limitations1258919 -Node: Extension Design1260102 -Node: Old Extension Problems1261246 -Ref: Old Extension Problems-Footnote-11262764 -Node: Extension New Mechanism Goals1262821 -Ref: Extension New Mechanism Goals-Footnote-11266185 -Node: Extension Other Design Decisions1266374 -Node: Extension Future Growth1268487 -Node: Notes summary1269323 -Node: Basic Concepts1270481 -Node: Basic High Level1271162 -Ref: figure-general-flow1271444 -Ref: figure-process-flow1272129 -Ref: Basic High Level-Footnote-11275430 -Node: Basic Data Typing1275615 -Node: Glossary1278943 -Node: Copying1310781 -Node: GNU Free Documentation License1348324 -Node: Index1373444 +Ref: Options-Footnote-1136851 +Ref: Options-Footnote-2137082 +Node: Other Arguments137107 +Node: Naming Standard Input140054 +Node: Environment Variables141264 +Node: AWKPATH Variable141822 +Ref: AWKPATH Variable-Footnote-1145234 +Ref: AWKPATH Variable-Footnote-2145268 +Node: AWKLIBPATH Variable145529 +Node: Other Environment Variables147187 +Node: Exit Status151008 +Node: Include Files151685 +Node: Loading Shared Libraries155375 +Node: Obsolete156803 +Node: Undocumented157495 +Node: Invoking Summary157792 +Node: Regexp159452 +Node: Regexp Usage160906 +Node: Escape Sequences162943 +Node: Regexp Operators169175 +Node: Regexp Operator Details169660 +Ref: Regexp Operator Details-Footnote-1175782 +Node: Interval Expressions175929 +Ref: Interval Expressions-Footnote-1177364 +Node: Bracket Expressions177462 +Ref: table-char-classes179938 +Node: Leftmost Longest183264 +Node: Computed Regexps184567 +Node: GNU Regexp Operators187994 +Node: Case-sensitivity191673 +Ref: Case-sensitivity-Footnote-1194539 +Ref: Case-sensitivity-Footnote-2194774 +Node: Regexp Summary194882 +Node: Reading Files196348 +Node: Records198617 +Node: awk split records199692 +Node: gawk split records204967 +Ref: gawk split records-Footnote-1209553 +Node: Fields209590 +Node: Nonconstant Fields212331 +Ref: Nonconstant Fields-Footnote-1214567 +Node: Changing Fields214771 +Node: Field Separators220802 +Node: Default Field Splitting223500 +Node: Regexp Field Splitting224618 +Node: Single Character Fields227971 +Node: Command Line Field Separator229031 +Node: Full Line Fields232249 +Ref: Full Line Fields-Footnote-1233771 +Ref: Full Line Fields-Footnote-2233817 +Node: Field Splitting Summary233918 +Node: Constant Size235992 +Node: Fixed width data236724 +Node: Skipping intervening240191 +Node: Allowing trailing data240989 +Node: Fields with fixed data242026 +Node: Splitting By Content243544 +Ref: Splitting By Content-Footnote-1247194 +Node: Testing field creation247357 +Node: Multiple Line248982 +Node: Getline255259 +Node: Plain Getline257728 +Node: Getline/Variable260369 +Node: Getline/File261520 +Node: Getline/Variable/File262908 +Ref: Getline/Variable/File-Footnote-1264513 +Node: Getline/Pipe264601 +Node: Getline/Variable/Pipe267308 +Node: Getline/Coprocess268443 +Node: Getline/Variable/Coprocess269710 +Node: Getline Notes270452 +Node: Getline Summary273249 +Ref: table-getline-variants273673 +Node: Read Timeout274421 +Ref: Read Timeout-Footnote-1278327 +Node: Retrying Input278385 +Node: Command-line directories279584 +Node: Input Summary280490 +Node: Input Exercises283662 +Node: Printing284390 +Node: Print286224 +Node: Print Examples287681 +Node: Output Separators290461 +Node: OFMT292478 +Node: Printf293834 +Node: Basic Printf294619 +Node: Control Letters296193 +Node: Format Modifiers301357 +Node: Printf Examples307372 +Node: Redirection309858 +Node: Special FD316699 +Ref: Special FD-Footnote-1319867 +Node: Special Files319941 +Node: Other Inherited Files320558 +Node: Special Network321559 +Node: Special Caveats322419 +Node: Close Files And Pipes323368 +Ref: table-close-pipe-return-values330275 +Ref: Close Files And Pipes-Footnote-1331088 +Ref: Close Files And Pipes-Footnote-2331236 +Node: Nonfatal331388 +Node: Output Summary333726 +Node: Output Exercises334948 +Node: Expressions335627 +Node: Values336815 +Node: Constants337493 +Node: Scalar Constants338184 +Ref: Scalar Constants-Footnote-1340708 +Node: Nondecimal-numbers340958 +Node: Regexp Constants343959 +Node: Using Constant Regexps344485 +Node: Standard Regexp Constants345107 +Node: Strong Regexp Constants348295 +Node: Variables351253 +Node: Using Variables351910 +Node: Assignment Options353820 +Node: Conversion356287 +Node: Strings And Numbers356811 +Ref: Strings And Numbers-Footnote-1359874 +Node: Locale influences conversions359983 +Ref: table-locale-affects362741 +Node: All Operators363359 +Node: Arithmetic Ops363988 +Node: Concatenation366494 +Ref: Concatenation-Footnote-1369341 +Node: Assignment Ops369448 +Ref: table-assign-ops374439 +Node: Increment Ops375752 +Node: Truth Values and Conditions379212 +Node: Truth Values380286 +Node: Typing and Comparison381334 +Node: Variable Typing382154 +Ref: Variable Typing-Footnote-1388617 +Ref: Variable Typing-Footnote-2388689 +Node: Comparison Operators388766 +Ref: table-relational-ops389185 +Node: POSIX String Comparison392680 +Ref: POSIX String Comparison-Footnote-1394375 +Ref: POSIX String Comparison-Footnote-2394514 +Node: Boolean Ops394598 +Ref: Boolean Ops-Footnote-1399080 +Node: Conditional Exp399172 +Node: Function Calls400908 +Node: Precedence404785 +Node: Locales408444 +Node: Expressions Summary410076 +Node: Patterns and Actions412649 +Node: Pattern Overview413769 +Node: Regexp Patterns415446 +Node: Expression Patterns415988 +Node: Ranges419769 +Node: BEGIN/END422877 +Node: Using BEGIN/END423638 +Ref: Using BEGIN/END-Footnote-1426374 +Node: I/O And BEGIN/END426480 +Node: BEGINFILE/ENDFILE428794 +Node: Empty431707 +Node: Using Shell Variables432024 +Node: Action Overview434298 +Node: Statements436623 +Node: If Statement438471 +Node: While Statement439966 +Node: Do Statement441994 +Node: For Statement443142 +Node: Switch Statement446313 +Node: Break Statement448699 +Node: Continue Statement450791 +Node: Next Statement452618 +Node: Nextfile Statement455001 +Node: Exit Statement457653 +Node: Built-in Variables460056 +Node: User-modified461189 +Node: Auto-set468956 +Ref: Auto-set-Footnote-1485763 +Ref: Auto-set-Footnote-2485969 +Node: ARGC and ARGV486025 +Node: Pattern Action Summary490238 +Node: Arrays492668 +Node: Array Basics493997 +Node: Array Intro494841 +Ref: figure-array-elements496816 +Ref: Array Intro-Footnote-1499520 +Node: Reference to Elements499648 +Node: Assigning Elements502112 +Node: Array Example502603 +Node: Scanning an Array504362 +Node: Controlling Scanning507384 +Ref: Controlling Scanning-Footnote-1512783 +Node: Numeric Array Subscripts513099 +Node: Uninitialized Subscripts515283 +Node: Delete516902 +Ref: Delete-Footnote-1519654 +Node: Multidimensional519711 +Node: Multiscanning522806 +Node: Arrays of Arrays524397 +Node: Arrays Summary529165 +Node: Functions531258 +Node: Built-in532296 +Node: Calling Built-in533377 +Node: Numeric Functions535373 +Ref: Numeric Functions-Footnote-1539401 +Ref: Numeric Functions-Footnote-2540049 +Ref: Numeric Functions-Footnote-3540097 +Node: String Functions540369 +Ref: String Functions-Footnote-1564227 +Ref: String Functions-Footnote-2564355 +Ref: String Functions-Footnote-3564603 +Node: Gory Details564690 +Ref: table-sub-escapes566481 +Ref: table-sub-proposed568000 +Ref: table-posix-sub569363 +Ref: table-gensub-escapes570904 +Ref: Gory Details-Footnote-1571727 +Node: I/O Functions571881 +Ref: table-system-return-values578349 +Ref: I/O Functions-Footnote-1580429 +Ref: I/O Functions-Footnote-2580577 +Node: Time Functions580697 +Ref: Time Functions-Footnote-1591368 +Ref: Time Functions-Footnote-2591436 +Ref: Time Functions-Footnote-3591594 +Ref: Time Functions-Footnote-4591705 +Ref: Time Functions-Footnote-5591817 +Ref: Time Functions-Footnote-6592044 +Node: Bitwise Functions592310 +Ref: table-bitwise-ops592904 +Ref: Bitwise Functions-Footnote-1598967 +Ref: Bitwise Functions-Footnote-2599140 +Node: Type Functions599331 +Node: I18N Functions602082 +Node: User-defined603733 +Node: Definition Syntax604545 +Ref: Definition Syntax-Footnote-1610232 +Node: Function Example610303 +Ref: Function Example-Footnote-1613225 +Node: Function Calling613247 +Node: Calling A Function613835 +Node: Variable Scope614793 +Node: Pass By Value/Reference617787 +Node: Function Caveats620431 +Ref: Function Caveats-Footnote-1622478 +Node: Return Statement622598 +Node: Dynamic Typing625577 +Node: Indirect Calls626507 +Ref: Indirect Calls-Footnote-1636759 +Node: Functions Summary636887 +Node: Library Functions639592 +Ref: Library Functions-Footnote-1643199 +Ref: Library Functions-Footnote-2643342 +Node: Library Names643513 +Ref: Library Names-Footnote-1647180 +Ref: Library Names-Footnote-2647403 +Node: General Functions647489 +Node: Strtonum Function648592 +Node: Assert Function651614 +Node: Round Function654940 +Node: Cliff Random Function656480 +Node: Ordinal Functions657496 +Ref: Ordinal Functions-Footnote-1660559 +Ref: Ordinal Functions-Footnote-2660811 +Node: Join Function661021 +Ref: Join Function-Footnote-1662791 +Node: Getlocaltime Function662991 +Node: Readfile Function666733 +Node: Shell Quoting668710 +Node: Data File Management670111 +Node: Filetrans Function670743 +Node: Rewind Function674839 +Node: File Checking676748 +Ref: File Checking-Footnote-1678082 +Node: Empty Files678283 +Node: Ignoring Assigns680262 +Node: Getopt Function681812 +Ref: Getopt Function-Footnote-1693281 +Node: Passwd Functions693481 +Ref: Passwd Functions-Footnote-1702320 +Node: Group Functions702408 +Ref: Group Functions-Footnote-1710306 +Node: Walking Arrays710513 +Node: Library Functions Summary713521 +Node: Library Exercises714927 +Node: Sample Programs715392 +Node: Running Examples716162 +Node: Clones716890 +Node: Cut Program718114 +Node: Egrep Program728043 +Ref: Egrep Program-Footnote-1735555 +Node: Id Program735665 +Node: Split Program739345 +Ref: Split Program-Footnote-1742803 +Node: Tee Program742932 +Node: Uniq Program745722 +Node: Wc Program753343 +Ref: Wc Program-Footnote-1757598 +Node: Miscellaneous Programs757692 +Node: Dupword Program758905 +Node: Alarm Program760935 +Node: Translate Program765790 +Ref: Translate Program-Footnote-1770355 +Node: Labels Program770625 +Ref: Labels Program-Footnote-1773976 +Node: Word Sorting774060 +Node: History Sorting778132 +Node: Extract Program779967 +Node: Simple Sed788021 +Node: Igawk Program791095 +Ref: Igawk Program-Footnote-1805426 +Ref: Igawk Program-Footnote-2805628 +Ref: Igawk Program-Footnote-3805750 +Node: Anagram Program805865 +Node: Signature Program808927 +Node: Programs Summary810174 +Node: Programs Exercises811388 +Ref: Programs Exercises-Footnote-1815517 +Node: Advanced Features815608 +Node: Nondecimal Data817598 +Node: Array Sorting819189 +Node: Controlling Array Traversal819889 +Ref: Controlling Array Traversal-Footnote-1828257 +Node: Array Sorting Functions828375 +Ref: Array Sorting Functions-Footnote-1833466 +Node: Two-way I/O833662 +Ref: Two-way I/O-Footnote-1841383 +Ref: Two-way I/O-Footnote-2841570 +Node: TCP/IP Networking841652 +Node: Profiling844770 +Node: Advanced Features Summary853785 +Node: Internationalization855629 +Node: I18N and L10N857109 +Node: Explaining gettext857796 +Ref: Explaining gettext-Footnote-1863688 +Ref: Explaining gettext-Footnote-2863873 +Node: Programmer i18n864038 +Ref: Programmer i18n-Footnote-1868987 +Node: Translator i18n869036 +Node: String Extraction869830 +Ref: String Extraction-Footnote-1870962 +Node: Printf Ordering871048 +Ref: Printf Ordering-Footnote-1873834 +Node: I18N Portability873898 +Ref: I18N Portability-Footnote-1876354 +Node: I18N Example876417 +Ref: I18N Example-Footnote-1879692 +Ref: I18N Example-Footnote-2879765 +Node: Gawk I18N879874 +Node: I18N Summary880523 +Node: Debugger881864 +Node: Debugging882864 +Node: Debugging Concepts883305 +Node: Debugging Terms885114 +Node: Awk Debugging887689 +Ref: Awk Debugging-Footnote-1888634 +Node: Sample Debugging Session888766 +Node: Debugger Invocation889300 +Node: Finding The Bug890686 +Node: List of Debugger Commands897160 +Node: Breakpoint Control898493 +Node: Debugger Execution Control902187 +Node: Viewing And Changing Data905549 +Node: Execution Stack909090 +Node: Debugger Info910727 +Node: Miscellaneous Debugger Commands914798 +Node: Readline Support919860 +Node: Limitations920756 +Node: Debugging Summary923310 +Node: Namespaces924589 +Node: Global Namespace925668 +Node: Qualified Names927066 +Node: Default Namespace928065 +Node: Changing The Namespace928806 +Node: Naming Rules930420 +Node: Internal Name Management932268 +Node: Namespace Example933310 +Node: Namespace And Features935872 +Node: Namespace Summary937307 +Node: Arbitrary Precision Arithmetic938784 +Node: Computer Arithmetic940271 +Ref: table-numeric-ranges944037 +Ref: table-floating-point-ranges944530 +Ref: Computer Arithmetic-Footnote-1945188 +Node: Math Definitions945245 +Ref: table-ieee-formats948561 +Ref: Math Definitions-Footnote-1949164 +Node: MPFR features949269 +Node: FP Math Caution950987 +Ref: FP Math Caution-Footnote-1952059 +Node: Inexactness of computations952428 +Node: Inexact representation953388 +Node: Comparing FP Values954748 +Node: Errors accumulate955989 +Node: Getting Accuracy957422 +Node: Try To Round960132 +Node: Setting precision961031 +Ref: table-predefined-precision-strings961728 +Node: Setting the rounding mode963558 +Ref: table-gawk-rounding-modes963932 +Ref: Setting the rounding mode-Footnote-1967863 +Node: Arbitrary Precision Integers968042 +Ref: Arbitrary Precision Integers-Footnote-1971217 +Node: Checking for MPFR971366 +Node: POSIX Floating Point Problems972840 +Ref: POSIX Floating Point Problems-Footnote-1977125 +Node: Floating point summary977163 +Node: Dynamic Extensions979353 +Node: Extension Intro980906 +Node: Plugin License982172 +Node: Extension Mechanism Outline982969 +Ref: figure-load-extension983408 +Ref: figure-register-new-function984973 +Ref: figure-call-new-function986065 +Node: Extension API Description988127 +Node: Extension API Functions Introduction989769 +Ref: table-api-std-headers991605 +Node: General Data Types995470 +Ref: General Data Types-Footnote-11003831 +Node: Memory Allocation Functions1004130 +Ref: Memory Allocation Functions-Footnote-11008340 +Node: Constructor Functions1008439 +Node: Registration Functions1012025 +Node: Extension Functions1012710 +Node: Exit Callback Functions1018032 +Node: Extension Version String1019282 +Node: Input Parsers1019945 +Node: Output Wrappers1032666 +Node: Two-way processors1037178 +Node: Printing Messages1039443 +Ref: Printing Messages-Footnote-11040614 +Node: Updating ERRNO1040767 +Node: Requesting Values1041506 +Ref: table-value-types-returned1042243 +Node: Accessing Parameters1043179 +Node: Symbol Table Access1044414 +Node: Symbol table by name1044926 +Ref: Symbol table by name-Footnote-11047950 +Node: Symbol table by cookie1048078 +Ref: Symbol table by cookie-Footnote-11052263 +Node: Cached values1052327 +Ref: Cached values-Footnote-11055863 +Node: Array Manipulation1056016 +Ref: Array Manipulation-Footnote-11057107 +Node: Array Data Types1057144 +Ref: Array Data Types-Footnote-11059802 +Node: Array Functions1059894 +Node: Flattening Arrays1064392 +Node: Creating Arrays1071368 +Node: Redirection API1076135 +Node: Extension API Variables1078968 +Node: Extension Versioning1079679 +Ref: gawk-api-version1080108 +Node: Extension GMP/MPFR Versioning1081839 +Node: Extension API Informational Variables1083467 +Node: Extension API Boilerplate1084540 +Node: Changes from API V11088514 +Node: Finding Extensions1090086 +Node: Extension Example1090645 +Node: Internal File Description1091443 +Node: Internal File Ops1095523 +Ref: Internal File Ops-Footnote-11106873 +Node: Using Internal File Ops1107013 +Ref: Using Internal File Ops-Footnote-11109396 +Node: Extension Samples1109670 +Node: Extension Sample File Functions1111199 +Node: Extension Sample Fnmatch1118848 +Node: Extension Sample Fork1120335 +Node: Extension Sample Inplace1121553 +Node: Extension Sample Ord1124857 +Node: Extension Sample Readdir1125693 +Ref: table-readdir-file-types1126582 +Node: Extension Sample Revout1127387 +Node: Extension Sample Rev2way1127976 +Node: Extension Sample Read write array1128716 +Node: Extension Sample Readfile1130658 +Node: Extension Sample Time1131753 +Node: Extension Sample API Tests1133101 +Node: gawkextlib1133593 +Node: Extension summary1136511 +Node: Extension Exercises1140213 +Node: Language History1141455 +Node: V7/SVR3.11143111 +Node: SVR41145263 +Node: POSIX1146697 +Node: BTL1148077 +Node: POSIX/GNU1148806 +Node: Feature History1154584 +Node: Common Extensions1170630 +Node: Ranges and Locales1171913 +Ref: Ranges and Locales-Footnote-11176529 +Ref: Ranges and Locales-Footnote-21176556 +Ref: Ranges and Locales-Footnote-31176791 +Node: Contributors1177012 +Node: History summary1182965 +Node: Installation1184345 +Node: Gawk Distribution1185289 +Node: Getting1185773 +Node: Extracting1186736 +Node: Distribution contents1188374 +Node: Unix Installation1194854 +Node: Quick Installation1195536 +Node: Shell Startup Files1197950 +Node: Additional Configuration Options1199039 +Node: Configuration Philosophy1201354 +Node: Non-Unix Installation1203723 +Node: PC Installation1204183 +Node: PC Binary Installation1205021 +Node: PC Compiling1205456 +Node: PC Using1206573 +Node: Cygwin1210126 +Node: MSYS1211225 +Node: VMS Installation1211726 +Node: VMS Compilation1212517 +Ref: VMS Compilation-Footnote-11213746 +Node: VMS Dynamic Extensions1213804 +Node: VMS Installation Details1215489 +Node: VMS Running1217742 +Node: VMS GNV1222021 +Node: VMS Old Gawk1222756 +Node: Bugs1223227 +Node: Bug address1223890 +Node: Usenet1226872 +Node: Maintainers1227876 +Node: Other Versions1229137 +Node: Installation summary1236225 +Node: Notes1237427 +Node: Compatibility Mode1238221 +Node: Additions1239003 +Node: Accessing The Source1239928 +Node: Adding Code1241365 +Node: New Ports1247584 +Node: Derived Files1251959 +Ref: Derived Files-Footnote-11257619 +Ref: Derived Files-Footnote-21257654 +Ref: Derived Files-Footnote-31258252 +Node: Future Extensions1258366 +Node: Implementation Limitations1259024 +Node: Extension Design1260207 +Node: Old Extension Problems1261351 +Ref: Old Extension Problems-Footnote-11262869 +Node: Extension New Mechanism Goals1262926 +Ref: Extension New Mechanism Goals-Footnote-11266290 +Node: Extension Other Design Decisions1266479 +Node: Extension Future Growth1268592 +Node: Notes summary1269428 +Node: Basic Concepts1270586 +Node: Basic High Level1271267 +Ref: figure-general-flow1271549 +Ref: figure-process-flow1272234 +Ref: Basic High Level-Footnote-11275535 +Node: Basic Data Typing1275720 +Node: Glossary1279048 +Node: Copying1310886 +Node: GNU Free Documentation License1348429 +Node: Index1373549 End Tag Table diff --git a/doc/gawk.texi b/doc/gawk.texi index d56261b6..0844b80c 100644 --- a/doc/gawk.texi +++ b/doc/gawk.texi @@ -4271,10 +4271,13 @@ representation of the program. @cindex @option{-S} option @cindex @option{--sandbox} option @cindex sandbox mode +@cindex @code{ARGV} array Disable the @code{system()} function, input redirections with @code{getline}, output redirections with @code{print} and @code{printf}, and dynamic extensions. +Also, disallow adding filenames to @code{ARGV} that were +not there when @command{gawk} started running. This is particularly useful when you want to run @command{awk} scripts from questionable sources and need to make sure the scripts can't access your system (other than the specified input @value{DF}). @@ -39955,7 +39958,7 @@ Anders Wallin helped keep the VMS port going for several years. @item @cindex Gordon, Assaf -Assaf Gordon contributed the code to implement the +Assaf Gordon contributed the initial code to implement the @option{--sandbox} option. @item diff --git a/doc/gawktexi.in b/doc/gawktexi.in index 5487bb7f..80650513 100644 --- a/doc/gawktexi.in +++ b/doc/gawktexi.in @@ -4181,10 +4181,13 @@ representation of the program. @cindex @option{-S} option @cindex @option{--sandbox} option @cindex sandbox mode +@cindex @code{ARGV} array Disable the @code{system()} function, input redirections with @code{getline}, output redirections with @code{print} and @code{printf}, and dynamic extensions. +Also, disallow adding filenames to @code{ARGV} that were +not there when @command{gawk} started running. This is particularly useful when you want to run @command{awk} scripts from questionable sources and need to make sure the scripts can't access your system (other than the specified input @value{DF}). @@ -38928,7 +38931,7 @@ Anders Wallin helped keep the VMS port going for several years. @item @cindex Gordon, Assaf -Assaf Gordon contributed the code to implement the +Assaf Gordon contributed the initial code to implement the @option{--sandbox} option. @item @@ -749,6 +749,7 @@ init_args(int argc0, int argc, const char *argv0, char **argv) { int i, j; NODE *sub, *val; + NODE *shadow_node = NULL; ARGV_node = install_symbol(estrdup("ARGV", 4), Node_var_array); sub = make_number(0.0); @@ -756,15 +757,32 @@ init_args(int argc0, int argc, const char *argv0, char **argv) val->flags |= USER_INPUT; assoc_set(ARGV_node, sub, val); + if (do_sandbox) { + shadow_node = make_array(); + sub = make_string(argv0, strlen(argv0)); + val = make_number(0.0); + assoc_set(shadow_node, sub, val); + } + + for (i = argc0, j = 1; i < argc; i++, j++) { sub = make_number((AWKNUM) j); val = make_string(argv[i], strlen(argv[i])); val->flags |= USER_INPUT; assoc_set(ARGV_node, sub, val); + + if (do_sandbox) { + sub = make_string(argv[i], strlen(argv[i])); + val = make_number(0.0); + assoc_set(shadow_node, sub, val); + } } ARGC_node = install_symbol(estrdup("ARGC", 4), Node_var); ARGC_node->var_value = make_number((AWKNUM) j); + + if (do_sandbox) + init_argv_array(ARGV_node, shadow_node); } diff --git a/test/ChangeLog b/test/ChangeLog index e5b9dce2..c3d7475f 100644 --- a/test/ChangeLog +++ b/test/ChangeLog @@ -1,6 +1,13 @@ +2019-05-06 Arnold D. Robbins <arnold@skeeve.com> + + * Makefile.am (EXTRA_DIST): New test: sandbox1. + (NEED_SANDBOX): New list of tests. + * Gentests: Handle NEED_SANDBOX. + * sandbox1.awk, sandbox1.ok: New files. + 2019-02-22 Andrew J. Schorr <aschorr@telemetry-investments.com> - * Makefile.am (EXTRA_DIST): New test assignnumfield2. + * Makefile.am (EXTRA_DIST): New test: assignnumfield2. * assignnumfield2.awk, assignnumfield2.ok: New files. 2019-04-21 Arnold D. Robbins <arnold@skeeve.com> diff --git a/test/Gentests b/test/Gentests index cf4ba908..9f51b927 100755 --- a/test/Gentests +++ b/test/Gentests @@ -94,6 +94,13 @@ BEGIN { next } +/^NEED_SANDBOX *=/,/[^\\]$/ { + gsub(/(^NEED_SANDBOX *=|\\$)/,"") + for (i = 1; i <= NF; i++) + sandbox[$i] + next +} + /^GENTESTS_UNUSED *=/,/[^\\]$/ { gsub(/(^GENTESTS_UNUSED *=|\\$)/,"") for (i = 1; i <= NF; i++) @@ -204,6 +211,10 @@ function generate(x, s, i, locale_string) s = s " --traditional" delete traditional[x] } + if (x in sandbox) { + s = s " --sandbox" + delete sandbox[x] + } if (x in pretty) { s = s " --pretty-print=_$@" delete pretty[x] diff --git a/test/Makefile.am b/test/Makefile.am index 4a5ab2d2..3db7c04d 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -1067,6 +1067,8 @@ EXTRA_DIST = \ rwarray.awk \ rwarray.in \ rwarray.ok \ + sandbox1.awk \ + sandbox1.ok \ scalar.awk \ scalar.ok \ sclforin.awk \ @@ -1354,7 +1356,8 @@ GAWK_EXT_TESTS = \ profile7 profile8 profile9 profile10 profile11 profile12 pty1 pty2 \ rebuf regnul1 regnul2 regx8bit reginttrad reint reint2 rsgetline rsglstdin \ rsstart1 rsstart2 rsstart3 rstest6 \ - shadow shadowbuiltin sortfor sortfor2 sortu sourcesplit split_after_fpat \ + sandbox1 shadow shadowbuiltin sortfor sortfor2 sortu \ + sourcesplit split_after_fpat \ splitarg4 strftfld strftime strtonum strtonum1 switch2 symtab1 symtab2 \ symtab3 symtab4 symtab5 symtab6 symtab7 symtab8 symtab9 symtab10 \ timeout typedregex1 typedregex2 typedregex3 typedregex4 \ @@ -1414,6 +1417,9 @@ NEED_PRETTY = nsprof1 nsprof2 \ # List of tests that need --re-interval NEED_RE_INTERVAL = gsubtst3 reint reint2 +# List of tests that need --sandbox +NEED_SANDBOX = sandbox1 + # List of tests that need --traditional NEED_TRADITIONAL = litoct tradanch rscompat diff --git a/test/Makefile.in b/test/Makefile.in index bd261a5b..5496d3cf 100644 --- a/test/Makefile.in +++ b/test/Makefile.in @@ -1326,6 +1326,8 @@ EXTRA_DIST = \ rwarray.awk \ rwarray.in \ rwarray.ok \ + sandbox1.awk \ + sandbox1.ok \ scalar.awk \ scalar.ok \ sclforin.awk \ @@ -1613,7 +1615,8 @@ GAWK_EXT_TESTS = \ profile7 profile8 profile9 profile10 profile11 profile12 pty1 pty2 \ rebuf regnul1 regnul2 regx8bit reginttrad reint reint2 rsgetline rsglstdin \ rsstart1 rsstart2 rsstart3 rstest6 \ - shadow shadowbuiltin sortfor sortfor2 sortu sourcesplit split_after_fpat \ + sandbox1 shadow shadowbuiltin sortfor sortfor2 sortu \ + sourcesplit split_after_fpat \ splitarg4 strftfld strftime strtonum strtonum1 switch2 symtab1 symtab2 \ symtab3 symtab4 symtab5 symtab6 symtab7 symtab8 symtab9 symtab10 \ timeout typedregex1 typedregex2 typedregex3 typedregex4 \ @@ -1673,6 +1676,9 @@ NEED_PRETTY = nsprof1 nsprof2 \ # List of tests that need --re-interval NEED_RE_INTERVAL = gsubtst3 reint reint2 +# List of tests that need --sandbox +NEED_SANDBOX = sandbox1 + # List of tests that need --traditional NEED_TRADITIONAL = litoct tradanch rscompat @@ -4591,6 +4597,11 @@ rstest6: @AWKPATH="$(srcdir)" $(AWK) -f $@.awk < "$(srcdir)"/$@.in >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ @-$(CMP) "$(srcdir)"/$@.ok _$@ && rm -f _$@ +sandbox1: + @echo $@ + @AWKPATH="$(srcdir)" $(AWK) -f $@.awk --sandbox >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ + @-$(CMP) "$(srcdir)"/$@.ok _$@ && rm -f _$@ + shadow: @echo $@ @AWKPATH="$(srcdir)" $(AWK) -f $@.awk --lint >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ diff --git a/test/Maketests b/test/Maketests index ccce4f54..cf85ef8d 100644 --- a/test/Maketests +++ b/test/Maketests @@ -1846,6 +1846,11 @@ rstest6: @AWKPATH="$(srcdir)" $(AWK) -f $@.awk < "$(srcdir)"/$@.in >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ @-$(CMP) "$(srcdir)"/$@.ok _$@ && rm -f _$@ +sandbox1: + @echo $@ + @AWKPATH="$(srcdir)" $(AWK) -f $@.awk --sandbox >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ + @-$(CMP) "$(srcdir)"/$@.ok _$@ && rm -f _$@ + shadow: @echo $@ @AWKPATH="$(srcdir)" $(AWK) -f $@.awk --lint >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ diff --git a/test/sandbox1.awk b/test/sandbox1.awk new file mode 100644 index 00000000..e84894d7 --- /dev/null +++ b/test/sandbox1.awk @@ -0,0 +1,7 @@ +BEGIN { + ARGV[ARGC++] = ARGV[1] # should be ok + ARGV[ARGC++] = "" # empty string, should be ok + ARGV[ARGC++] = "foo=bar" # assignment, should be ok + ARGV[ARGC++] = "junk::foo=bar" # assignment, should be ok + ARGV[ARGC++] = "/dev/null" # should fatal here +} diff --git a/test/sandbox1.ok b/test/sandbox1.ok new file mode 100644 index 00000000..210b7261 --- /dev/null +++ b/test/sandbox1.ok @@ -0,0 +1,2 @@ +gawk: sandbox1.awk:6: fatal: cannot add a new file (/dev/null) to ARGV in sandbox mode +EXIT CODE: 2 |