Delivered-To: freebsd-bugs@freebsd.org
Message-Id: <20000715085510.2B2C014AEB@cichlids.cichlids.com>
Date: Sat, 15 Jul 2000 10:55:10 +0200 (CEST)
From: alex@freebsd.org
Reply-To: alex@big.endian.de
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/19946: possible bug in sh(1) with -p flag (privileged mode)
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 19946
>Category: bin
>Synopsis: possible bug in sh(1) with -p flag (privileged mode)
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Jul 15 02:00:02 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Alexander Langer
>Release: FreeBSD 5.0-CURRENT i386
>Organization: FreeBSD Project
>Environment: -current
>Description:
I think I found a possible bug in the sh(1) -p (privileged mode) behaviour.

On the one hand, the manpage is somewhat broken (see pr 18243). However, this is another thing.

If I understood the -p flag correctly from the source and the current manpage, the -p flag should turn off different real and effective user ids (and gids). -p turns on, that the effective uid is set TO the real uid. (and the gids respectively).

However, in this case, it makes no sense, that STILL /etc/suid_profile is parsed in spite of ~/.profile(!) - in fact, -p should turn OFF the privileged mode behaviour, or am I wrong?

So, I suggest to use the following patch, which sets the global variable `privileged' to 0 again, after the -p flag is given and the effective uid/gid are set to the real ones. This makes sh parse ~/.profile later on (in main.c), which is the correct behaviour in my opinion.

I'll take a look at the manpage later to clarify this.
>How-To-Repeat: n/a
>Fix:
cvs server: Diffing . Index: options.c =================================================================== RCS file: /home/ncvs/src/bin/sh/options.c,v retrieving revision 1.16 diff -u -r1.16 options.c --- options.c 2000/04/20 09:49:16 1.16 +++ options.c 2000/07/15 08:54:26 
@@ -193,6 +193,7 @@ if (c == 'p' && !val && privileged) { (void) setuid(getuid()); (void) setgid(getgid()); + privileged = 0; } setoption(c, val); } @@ -218,6 +219,7 @@ if (!val && privileged && equal(name, "privileged")) { (void) setuid(getuid()); (void) setgid(getgid()); + privileged = 0; } setoption(optlist[i].letter, val); return; cvs server: Diffing bltin cvs server: Diffing funcs >Release-Note: >Audit-Trail: >Unformatted:
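
Review bot: in the first hunk (the `c == 'p'` path), `privileged = 0;` is set right after `(void) setuid(getuid());` and `(void) setgid(getgid());`, whose results are discarded, so the flag is cleared even when either call fails and the effective ids still differ from the real ones. Check both return values and clear `privileged` only when both succeed; otherwise report the error and leave the flag set. While touching these lines, consider calling setgid() before setuid(), the usual order when giving up privileges, because the group change may need the privilege that setuid() has just dropped.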
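
Review bot: the second hunk (the `equal(name, "privileged")` path) repeats the same three statements as the first, so any later correction has to be made in two places; move the setuid/setgid/`privileged = 0` sequence into one helper called from both. The new assignment also carries no comment: per the description its purpose is to make main.c read ~/.profile rather than /etc/suid_profile once the ids are reset, and that should be stated next to the assignment and reflected in the sh(1) manpage text for -p.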