SHEVAL(7)                                                            SHEVAL(7)

       sheval - helmet to assign dynamic values in an escalated environment

       sheval  [-P  pid]  [-C config] [-f file] [-g group] [-R root] [-u user]
       mnemonic program euid:egid cred_type:cred
       sheval -h|-H
       sheval -V

       This helmet is intended to allow  op(1)  escalation  rules  to  include
       dynamic  variable  assignments  in  the escalated environment.  It does
       this by assigning the output from a  shell  command  to  the  specified
       variable, to compensates for op's inability to do that.  The escalation
       fails when any of these commands exit(3)s non-zero.

       This program takes all the op provided options,  but  actually  doesn't
       look  at  any of them (other than -P).  It does sanity check them, just
       the same.

       Like any helmet, most of the configuration is passed from  op  via  the

              The  helmet  executes the given cmd reading the output to form a
              new value for the env specified.  The last  newline  is  deleted
              from  the new value.  When any cmd exits non-zero the escalation
              is denied.  When env is the empty string it is replaced  with  a
              single  under-bar (_).  If the cmd is empty, it is replaced with
              hostname.  Think of this as running the command below for  every
              SHEVAL_SET_env assignment:
                   export env='cmd'

              The  warning  message  to replace the common "Sorry" denial mes-

              The standard reveal logic, see op-jacket(7).

              A comma-separated list of environment variables to remove  after
              processing.  This masks values that the escalated process should
              not be able to see, but are required for computing other values.
              Think of this as running:
                   unset 'echo list | tr ',' ' ''

       Note  that  any  env formed from the escalated environment may have the
       "SHEVAL_SET_" prefix, in which case it is processed again, at  the  end
       of  the  cycle.   This  allows  order-dependent  assignments, which may
       otherwise be randomized, the new  command  is  the  evaluation  of  the
       original.   This  process  may  be repeated as many times as the prefix

       All of these are deleted from each cmd's  environment:  $IFS,  $CDPATH,
       $ENV,  $BASH_ENV  to prevent perl(1) from refusing to run any commands.
       If you must have them set, you'll have to put each in  the  environment
       with a set specification.

       These are example from the command-line:

       /usr/local/libexec/jacket/sheval -V
              Output only the version of the program, then exit.

       /usr/local/libexec/jacket/sheval -H
              Output only a summary of the environment expected.

       All  of these are snips from the op file.  Note that you must
       allow any referenced environment variables into the escalated  environ-
       ment, and it is a really good idea to include a $PATH.
       jacket=/usr/local/libexec/jacket/sheval $SHEVAL_SET_NOW=date
              Set the environment variable $NOW to the current time.

              Deposit the path to the default stamp directory in $TOP.  Recall
              that the op markup $. represents a space in the  context  of  an
              environment variable, this is a bit easier to read than $\s.

              Restore  $IFS to a whacky value (by including a colon), then run
              myscript to set the value of $Targ.  The echo(1) command outputs
              a script name, the next pass executes that script.

       jacket=/usr/local/libexec/jacket/sheval $SHEVAL_SET_FROM=
              Set $FROM to the local hostname.  This is a strange default, but
              it is useful in calls to the master  source  tools,  viz.  hxmd,
              efmd, msrc and mmsrc(8).

       groups=disk helmet=/usr/local/libexec/jacket/sheval
              Force  the  client  to  be in both the disk and operator groups.
              The helmet matches the original group list for the complete word
              "operator",  only  when op allows the access by group membership
              in "disk".  Note that we then remove the trap variable,  radiat-
              ing extra information is bad policy.

       This  jacket  trusts  that the op configuration won't allow a malicious
       shell command through the environment filter.  The multiple  evaluation
       feature  makes  that  much  harder  to believe.  Any configuration that
       calls a helmet or jacket requires great care, but  great  power  always
       comes with great responsibility.

       Reveals do not take place in the helmet, they may conflict with assign-
       ments made in sheval, in which case the assignments  made  from  sheval
       overwrite  the  revealed values.  Revealed variables are not visible to
       the cmd processes (but they are still visible with  the  original  pre-
       fix).   This  means revealing $IFS doesn't impact any evaluations.  One
       should not depend on this behavior, since it is  implementation  depen-
       dent (and might change).

       K S Braunsdorf, from the Non-Player Character Guild
       op at-not-a-spammer ksb dot

       sh(1), op(1l), op-jacket(7l), stampctl(8l), getpeereid(3), hostname(1),
       hxmd(8l), efmd(8l), mmsrc(8) and msrc(8l)

                                     LOCAL                           SHEVAL(7)