diff options
| author | Renaud Métrich <rmetrich@redhat.com> | 2022-01-06 19:50:28 +0100 |
|---|---|---|
| committer | Jóhann B. Guðmundsson <johannbg@gmail.com> | 2022-02-04 12:24:22 +0000 |
| commit | 22a80629b4bbcef02eb8fe3611ea44e253ef4c61 (patch) | |
| tree | 0128bb3213ff3b6fe5d30dbd668f69e492624705 | |
| parent | c5907f82d835d72e4dd7c473a86e872fce37d61e (diff) | |
| download | dracut-22a80629b4bbcef02eb8fe3611ea44e253ef4c61.tar.gz | |
fix(dracut): be more robust when using 'set -u'
From bash manpage, FUNCNAME exists only inside functions. When in debug
mode, make sure to use an empty default value as FUNCNAME[0] when
outside of functions.
With bash4 this wasn't an issue, but is with bash5 with hardening option
'set -u' used, as shown in the example below:
Incorrect:
$ bash -u -c 'echo -n ${FUNCNAME[0]}'
bash: line 1: FUNCNAME[0]: unbound variable
$
Correct:
$ bash -u -c 'echo -n ${FUNCNAME[0]-}'
$
This hardening enables sourcing dracut-lib.sh from external utilities
executing in the initramfs such as clevis-luks-askpass, which uses
hardening option 'set -u' internally.
(see Clevis PR https://github.com/latchset/clevis/pull/340)
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
| -rwxr-xr-x | dracut.sh | 2 | ||||
| -rwxr-xr-x | modules.d/99base/dracut-lib.sh | 2 |
2 files changed, 2 insertions, 2 deletions
@@ -882,7 +882,7 @@ unset GREP_OPTIONS export DRACUT_LOG_LEVEL=warning [[ $debug ]] && { export DRACUT_LOG_LEVEL=debug - export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): ' + export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): ' set -x } diff --git a/modules.d/99base/dracut-lib.sh b/modules.d/99base/dracut-lib.sh index 591b97c6..43b023e1 100755 --- a/modules.d/99base/dracut-lib.sh +++ b/modules.d/99base/dracut-lib.sh @@ -392,7 +392,7 @@ setdebug() { if getargbool 0 rd.debug -d -y rdinitdebug -d -y rdnetdebug; then RD_DEBUG=yes [ -n "$BASH" ] \ - && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): ' + && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): ' fi fi export RD_DEBUG |