* Wrote function eaccess (used to be a macro defined as `access'),
which swaps real uid and gid with the effective ones, calls access,
and reverts the uid/gid. This fixes the test builtin command not
working properly when shell is privileged (closes: #245213).
Index: pdksh-5.2.14/c_test.c
===================================================================
--- pdksh-5.2.14.orig/c_test.c 2008-04-15 20:49:47.000000000 +0200
+++ pdksh-5.2.14/c_test.c 2008-04-15 20:52:50.000000000 +0200
@@ -338,7 +338,7 @@
case TO_FILUID: /* -O */
return test_stat(opnd1, &b1) == 0 && b1.st_uid == ksheuid;
case TO_FILGID: /* -G */
- return test_stat(opnd1, &b1) == 0 && b1.st_gid == getegid();
+ return test_stat(opnd1, &b1) == 0 && b1.st_gid == kshegid;
/*
* Binary Operators
*/
@@ -656,3 +656,36 @@
else
bi_errorf("%s", msg);
}
+
+
+#ifdef DEBIAN
+int eaccess(const char *pathname, int mode) {
+ int need_setreuid, need_setregid;
+ int result;
+ int _errno;
+
+
+
+ if (( need_setregid = ( kshgid != kshegid ) )) {
+ setregid( kshegid, kshgid );
+ }
+
+ if (( need_setreuid = ( kshuid != ksheuid ) )) {
+ setreuid( ksheuid, kshuid );
+ }
+
+ result = access( pathname, mode );
+ _errno = errno;
+
+ if ( need_setregid ) {
+ setregid( kshgid, kshegid );
+ }
+
+ if ( need_setreuid ) {
+ setreuid( kshuid, ksheuid );
+ }
+
+ errno = _errno;
+ return result;
+}
+#endif
Index: pdksh-5.2.14/main.c
===================================================================
--- pdksh-5.2.14.orig/main.c 2008-04-15 20:51:49.000000000 +0200
+++ pdksh-5.2.14/main.c 2008-04-15 20:52:50.000000000 +0200
@@ -269,6 +269,9 @@
ksheuid = geteuid();
+ kshuid = getuid();
+ kshgid = getgid();
+ kshegid = getegid();
safe_prompt = ksheuid ? "$ " : "# ";
{
struct tbl *vp = global("PS1");
@@ -283,7 +286,7 @@
}
/* Set this before parsing arguments */
- Flag(FPRIVILEGED) = getuid() != ksheuid || getgid() != getegid();
+ Flag(FPRIVILEGED) = kshuid != ksheuid || kshgid != kshegid;
/* this to note if monitor is set on command line (see below) */
Flag(FMONITOR) = 127;
Index: pdksh-5.2.14/misc.c
===================================================================
--- pdksh-5.2.14.orig/misc.c 2008-04-15 20:49:47.000000000 +0200
+++ pdksh-5.2.14/misc.c 2008-04-15 20:52:50.000000000 +0200
@@ -19,6 +19,7 @@
int isfile));
static const unsigned char *cclass ARGS((const unsigned char *p, int sub));
+
/*
* Fast character classes
*/
@@ -311,13 +312,13 @@
;
#else /* OS2 */
#ifndef DEBIAN
- setuid(ksheuid = getuid());
- setgid(getgid());
+ setuid(ksheuid = kshuid = getuid());
+ setgid(kshegid = kshgid = getgid());
#else /* patch from OpenBSD */
- seteuid(ksheuid = getuid());
+ seteuid(ksheuid = kshuid = getuid());
setuid(ksheuid);
- setegid(getgid());
- setgid(getgid());
+ setegid(kshegid = kshgid = getgid());
+ setgid(kshegid);
#endif /* DEBIAN */
#endif /* OS2 */
} else if (f == FPOSIX && newval) {
@@ -1365,3 +1366,4 @@
return b;
#endif /* HAVE_GETCWD */
}
+
Index: pdksh-5.2.14/sh.h
===================================================================
--- pdksh-5.2.14.orig/sh.h 2008-04-15 20:49:47.000000000 +0200
+++ pdksh-5.2.14/sh.h 2008-04-15 20:52:50.000000000 +0200
@@ -353,8 +353,12 @@
#define NUFILE 10 /* Number of user-accessible files */
#define FDBASE 10 /* First file usable by Shell */
+#ifndef DEBIAN
/* you're not going to run setuid shell scripts, are you? */
#define eaccess(path, mode) access(path, mode)
+#else
+EXTERN int eaccess( const char * pathname, int mode );
+#endif
/* Make MAGIC a char that might be printed to make bugs more obvious, but
* not a char that is used often. Also, can't use the high bit as it causes
@@ -372,6 +376,9 @@
EXTERN pid_t kshpid; /* $$, shell pid */
EXTERN pid_t procpid; /* pid of executing process */
EXTERN int ksheuid; /* effective uid of shell */
+EXTERN int kshegid; /* effective gid of shell */
+EXTERN int kshuid; /* real uid of shell */
+EXTERN int kshgid; /* real gid of shell */
EXTERN int exstat; /* exit status */
EXTERN int subst_exstat; /* exit status of last $(..)/`..` */
EXTERN const char *safe_prompt; /* safe prompt if PS1 substitution fails */
|
