Hi Chet.

On 10/30/2012 07:10 PM, Chet Ramey wrote:
> On 10/30/12 1:53 PM, Stefano Lattarini wrote:
>> On 10/30/2012 06:28 PM, Andreas Schwab wrote:
>>> Stefano Lattarini <stefano.lattar...@gmail.com> writes:
>>>
>>>> $ ./system-suid
>>>> [8204] ruid = 1000, euid = 0, suid = 0
>>>
>>> Looks like your /bin/sh is broken.
>>>
>> How "broken" exactly? Honest question.
>
> It's not unheard of for vendors to make their own changes and ship the
> result. This has happened a number of times in the past.
>
You're right; I see this in the bash_4.2-5.diff file applied by Debian:
--- bash-4.2.orig/debian/patches/privmode.diff +++ bash-4.2/debian/patches/privmode.diff @@ -0,0 +1,19 @@ # DP: XXX missing description # DP: # DP: Comment from Chet Ramey <c...@nike.ins.cwru.edu>: # DP: # DP: Nope. This will allow setuid scripts if not called as `sh' and not # DP: called with the -p option. I won't install this. --- a/bash/shell.c +++ b/bash/shell.c @@ -486,7 +486,7 @@ if (dump_translatable_strings) read_but_dont_execute = 1; - if (running_setuid && privileged_mode == 0) + if (running_setuid && privileged_mode == 0 && act_like_sh == 0) disable_priv_mode (); So the behaviour I'm seeing is only due to the Debian patches, and there's no bug in the Bash documentation. Thanks, and sorry for the noise, Stefano
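Review bot: In the shell.c hunk, the added `act_like_sh == 0` term means disable_priv_mode () is no longer called when running_setuid is set, privileged_mode is 0 and act_like_sh is nonzero, so a shell started under its sh name keeps its privileged state without -p having been requested. The patch header still reads "XXX missing description" and quotes an upstream comment declining the change, so nothing in the patch records why the privilege drop is skipped in that case. Either drop the extra condition so the check stays `running_setuid && privileged_mode == 0`, or replace the XXX line with a description of the intended behaviour and document the divergence where users of the packaged shell will see it, since the shipped behaviour otherwise differs from what the Bash documentation describes, as the thread above shows.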