From d444241ede30b7826db10b449a7e751752e6b012 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jan=20R=C4=99korajski?= Date: Tue, 7 Sep 2004 16:21:06 +0000 Subject: [PATCH] - it's not a shell thing to think for sysadmins and developers, current bash behaviour is a SbO Changed files: bash-act_like_sh.patch -> 1.1 --- bash-act_like_sh.patch | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 bash-act_like_sh.patch diff --git a/bash-act_like_sh.patch b/bash-act_like_sh.patch new file mode 100644 index 0000000..e6234b9 --- /dev/null +++ b/bash-act_like_sh.patch @@ -0,0 +1,30 @@ +7. Several people have reported that `dip' (a program for SLIP/PPP + on Linux) does not work with bash-2.0 installed as /bin/sh. + + I don't run any Linux boxes myself, and do not have the dip + code handy to look at, but the `problem' with bash-2.0, as + it has been related to me, is that bash requires the `-p' + option to be supplied at invocation if it is to run setuid + or setgid. + + This means, among other things, that setuid or setgid programs + which call system(3) (a horrendously bad practice in any case) + relinquish their setuid/setgid status in the child that's forked + to execute /bin/sh. + + The following is an *unofficial* patch to bash-2.0 that causes it + to not require `-p' to run setuid or setgid if invoked as `sh'. + It has been reported to work on Linux. It will make your system + vulnerable to bogus system(3) calls in setuid executables. + +--- bash-3.0.orig/shell.c Wed Dec 18 14:16:30 1996 ++++ shell.c Fri Mar 7 13:12:03 1997 +@@ -461,7 +461,7 @@ + initialize_shell_builtins (); + } + +- if (running_setuid && privileged_mode == 0) ++ if (running_setuid && privileged_mode == 0 && act_like_sh == 0) + disable_priv_mode (); + + /* Need to get the argument to a -c option processed in the -- 2.44.0