- it's not a shell thing to think for sysadmins and developers,

  current bash behaviour is a SbO

Changed files:
    bash-act_like_sh.patch -> 1.1

diff --git a/bash-act_like_sh.patch b/bash-act_like_sh.patch
new file mode 100644 (file)
index 0000000..e6234b9
--- /dev/null
+++ b/bash-act_like_sh.patch
@@ -0,0 +1,30 @@
+7.  Several people have reported that `dip' (a program for SLIP/PPP
+    on Linux) does not work with bash-2.0 installed as /bin/sh.
+
+    I don't run any Linux boxes myself, and do not have the dip
+    code handy to look at, but the `problem' with bash-2.0, as
+    it has been related to me, is that bash requires the `-p'
+    option to be supplied at invocation if it is to run setuid
+    or setgid. 
+
+    This means, among other things, that setuid or setgid programs
+    which call system(3) (a horrendously bad practice in any case)
+    relinquish their setuid/setgid status in the child that's forked
+    to execute /bin/sh. 
+
+    The following is an *unofficial* patch to bash-2.0 that causes it
+    to not require `-p' to run setuid or setgid if invoked as `sh'.
+    It has been reported to work on Linux.  It will make your system
+    vulnerable to bogus system(3) calls in setuid executables.
+
+--- bash-3.0.orig/shell.c    Wed Dec 18 14:16:30 1996
++++ shell.c     Fri Mar  7 13:12:03 1997
+@@ -461,7 +461,7 @@
+       initialize_shell_builtins ();
+     }
+ 
+-  if (running_setuid && privileged_mode == 0)
++  if (running_setuid && privileged_mode == 0 && act_like_sh == 0)
+     disable_priv_mode ();
+ 
+   /* Need to get the argument to a -c option processed in the