From owner-freebsd-bugs@FreeBSD.ORG  Sun May 27 19:20:01 2012
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C620D1065675
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 27 May 2012 19:20:01 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 7DA4D8FC15
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 27 May 2012 19:20:01 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q4RJK1mu035640
	for <freebsd-bugs@freefall.freebsd.org>; Sun, 27 May 2012 19:20:01 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q4RJK1QS035639;
	Sun, 27 May 2012 19:20:01 GMT (envelope-from gnats)
Resent-Date: Sun, 27 May 2012 19:20:01 GMT
Resent-Message-Id: <201205271920.q4RJK1QS035639@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Darren Reed <darrenr@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 444381065672
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 27 May 2012 19:11:14 +0000 (UTC)
	(envelope-from darrenr@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 2EFCA8FC19
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 27 May 2012 19:11:14 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q4RJBEVk024442
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 27 May 2012 19:11:14 GMT
	(envelope-from darrenr@freefall.freebsd.org)
Received: (from darrenr@localhost)
	by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q4RJBEcw024437;
	Sun, 27 May 2012 19:11:14 GMT (envelope-from darrenr)
Message-Id: <201205271911.q4RJBEcw024437@freefall.freebsd.org>
Date: Sun, 27 May 2012 19:11:14 GMT
From: Darren Reed <darrenr@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: bin/168389: rcmd(3) recursion when RSH points to rsh
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Darren Reed <darrenr@FreeBSD.org>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 27 May 2012 19:20:01 -0000


>Number:         168389
>Category:       bin
>Synopsis:       rcmd(3) recursion when RSH points to rsh
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 27 19:20:01 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Darren Reed
>Release:        FreeBSD 9.0-STABLE i386
>Organization:
FreeBSD
>Environment:
System: FreeBSD freefall.freebsd.org 9.0-STABLE FreeBSD 9.0-STABLE #6 r235139: T
ue May 8 21:19:03 UTC 2012 simon@freefall.freebsd.org:/usr/obj/usr/src/sys/FREEF
ALL i386


>Description:
In rcmd(3) the environment variable RSH is used to indicate which
program to execute in lieu of rsh itself. The code path present
in rcmd(3) and rcmdsh() will result in continual execution of
rsh if RSH is set to rsh itself. In fact, the RSH environment
variable can only be safely set to a program that does not use
rcmd(3).

What possibly needs to happen here is for rcmd(3) to clear the
RSH environment variable or otherwise make some effort to ensure
that the program it is about to execute is not the same as the
one that is currently executing.
>How-To-Repeat:
export RSH=rsh
rsh localhost who

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted: