Date: Mon, 18 Feb 2002 04:50:25 -0800 (PST)
From: Vitezslav Novy <vita@fio.cz>
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/35076: sh builtin test command sets real uid to value of euid
Message-ID: <200202181250.g1ICoPA25468@freefall.freebsd.org>

>Number:         35076
>Category:       bin
>Synopsis:       sh builtin test command sets real uid to value of euid
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 18 05:00:03 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Vitezslav Novy
>Release:        4.5-RELEASE
>Organization:
>Environment:
FreeBSD vita.private.fio.cz 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Fri Feb 15 18:40:42 CET 2002 root@vita.private.fio.cz:/usr/src/sys/compile/SAMBA i386
>Description:
sh builtin test command sets real uid to the value of euid.
Builtin test command uses code of external test command, which sets
uid to value of euid. External command exits after its job, so there
is no problem. But this code used in sh sets uid of sh which typically
continues and executes other commands.
Same is valid for gid.
>How-To-Repeat:
bash-2.05$ ls -l sh
-r-sr-xr-x 1 root wheel 452412 Feb 18 12:45 sh
bash-2.05$ id
uid=1001(rumik) gid=1001(rumik) groups=1001(rumik), 0(wheel)
bash-2.05$ cat ttt.sh
id
test a = b
id
bash-2.05$ ./sh ttt.sh
uid=1001(rumik) euid=0(root) gid=1001(rumik) groups=1001(rumik), 0(wheel)
uid=0(root) gid=1001(rumik) groups=1001(rumik), 0(wheel)
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
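
The credential change described in the report, as an added example (not part of the original message and not FreeBSD's code): an access check that switches to the effective ids in-process, next to a variant that confines the switch to a forked child so the caller's real uid/gid survive. All function names are hypothetical, and the setgid/setuid call sequence is assumed from the Description.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Real ids captured before a check, used to detect credential drift. */
struct ids { uid_t ruid; gid_t rgid; };

static struct ids snapshot_ids(void) {
    struct ids s = { getuid(), getgid() };
    return s;
}

/* Returns 1 if the real uid/gid still match the snapshot. */
static int ids_unchanged(struct ids before) {
    return getuid() == before.ruid && getgid() == before.rgid;
}

/* Pattern from the report (assumed form): make access(2), which checks
 * the real ids, answer for the effective ids. Harmless in a standalone
 * test(1) that exits afterwards; permanent when run inside a shell. */
static int access_as_euid_inprocess(const char *path, int mode) {
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0)
        return -1;
    return access(path, mode);
}

/* Contained variant: the id switch happens in a forked child and dies
 * with it. Returns 0 if allowed, -1 if denied, -2 on internal error. */
static int access_as_euid_contained(const char *path, int mode) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0)
        _exit(access_as_euid_inprocess(path, mode) == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -2;
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void) {
    struct ids before = snapshot_ids();
    int r = access_as_euid_contained("/etc/passwd", R_OK);
    printf("access=%d real ids unchanged=%d\n", r, ids_unchanged(before));
    return ids_unchanged(before) ? 0 : 1;
}
```

In a set-uid binary like the one in How-To-Repeat, calling access_as_euid_inprocess() directly would leave getuid() equal to the effective uid for every later command, which is what the second id output shows.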