From owner-freebsd-bugs Mon Feb 18 5: 0:13 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 8672A37B417
	for ; Mon, 18 Feb 2002 05:00:03 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g1ID03i27640;
	Mon, 18 Feb 2002 05:00:03 -0800 (PST)
	(envelope-from gnats)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id F364B37B404
	for ; Mon, 18 Feb 2002 04:50:25 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g1ICoPA25468;
	Mon, 18 Feb 2002 04:50:25 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200202181250.g1ICoPA25468@freefall.freebsd.org>
Date: Mon, 18 Feb 2002 04:50:25 -0800 (PST)
From: Vitezslav Novy
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: bin/35076: sh builtin test command sets real uid to value of euid
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number:         35076
>Category:       bin
>Synopsis:       sh builtin test command sets real uid to value of euid
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 18 05:00:03 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Vitezslav Novy
>Release:        4.5-RELEASE
>Organization:
>Environment:
FreeBSD vita.private.fio.cz 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Fri Feb 15 18:40:42 CET 2002 root@vita.private.fio.cz:/usr/src/sys/compile/SAMBA i386
>Description:
sh builtin test command sets real uid to the value of euid.
Builtin test command uses code of external test command, which sets uid
to value of euid. External command exits after its job, so there is no
problem. But this code used in sh sets uid of sh which typically continues
and executes other commands.
Same is valid for gid.
>How-To-Repeat:
bash-2.05$ ls -l sh
-r-sr-xr-x 1 root wheel 452412 Feb 18 12:45 sh
bash-2.05$ id
uid=1001(rumik) gid=1001(rumik) groups=1001(rumik), 0(wheel)
bash-2.05$ cat ttt.sh
id
test a = b
id
bash-2.05$ ./sh ttt.sh
uid=1001(rumik) euid=0(root) gid=1001(rumik) groups=1001(rumik), 0(wheel)
uid=0(root) gid=1001(rumik) groups=1001(rumik), 0(wheel)
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
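
Added example, not part of the original report and not FreeBSD's code: a C illustration of the pattern the report describes beside a file check that leaves the real IDs alone, plus a regression check for it. The function names are hypothetical, and it assumes the external test code overwrites the IDs so that access(2)-style file checks follow the effective IDs.

```c
/* Added illustration; the function names are hypothetical and are not
 * taken from FreeBSD's sh or test sources. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L	/* faccessat(), AT_EACCESS */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

typedef int (*check_fn)(const char *path, int mode);

/* Pattern the report describes: access(2) checks against the real IDs, so
 * the real IDs are overwritten with the effective ones first. Harmless in a
 * process that exits right away; inside a shell the change persists. */
int check_by_overwriting_ids(const char *path, int mode)
{
	(void)setgid(getegid());
	(void)setuid(geteuid());
	return access(path, mode);
}

/* Alternative: ask for the check to be made against the effective IDs and
 * leave the process credentials alone. */
int check_with_effective_ids(const char *path, int mode)
{
	return faccessat(AT_FDCWD, path, mode, AT_EACCESS);
}

/* Regression check: 1 if the real uid and gid are the same after the call. */
int real_ids_unchanged_after(check_fn check, const char *path)
{
	uid_t ruid = getuid();
	gid_t rgid = getgid();

	(void)check(path, R_OK);
	return getuid() == ruid && getgid() == rgid;
}

int main(void)
{
	/* The two results can differ only when the process runs with
	 * euid != uid, as the set-uid sh in the report does. */
	printf("effective-ID check keeps real IDs: %d\n",
	    real_ids_unchanged_after(check_with_effective_ids, "/"));
	printf("overwrite pattern keeps real IDs:  %d\n",
	    real_ids_unchanged_after(check_by_overwriting_ids, "/"));
	return 0;
}
```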