*BSD News Article 14272


Return to BSD News archive

Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!sun-barr!cs.utexas.edu!uunet!pipex!uknet!mcsun!fuug!kiae!bitcom!kiae!relcom!newsserv
From: "Andrew A. Chernov, Black Mage" <ache@astral.msk.su>
Newsgroups: comp.os.386bsd.bugs
Subject: Fix sh(ash) search for command with another valid group
Date: Sat, 10 Apr 93 10:33:37 +0400
Distribution: world
Organization: Ha-olahm Yetzirah
Message-ID: <UO1fcnh8r7@astral.msk.su>
Sender: news-service@newcom.kiae.su
Reply-To: ache@astral.msk.su
Keywords: sh ash
Lines: 75

Problem description:
When sh try to find_command() for execution (without full path),
it check ONLY ONE current effective group execution permissions,
but don't check another valid groups from /etc/group.
This assumption is right for SYSV, but wrong for BSD, so we obtain
something like:

command: permission denied

But command still available via full path :-)

Solution:
Check all valid groups via getgroups() call.

*** /usr/src/bin/sh/exec.c.was	Tue Apr 16 03:23:04 1991
--- /usr/src/bin/sh/exec.c	Sat Apr 10 10:17:24 1993
***************
*** 68,73 ****
--- 68,78 ----
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <errno.h>
+ #ifdef  BSD
+ #undef BSD      /* temporary, already defined in <sys/param.h> */
+ #include <sys/param.h>
+ #include <unistd.h>
+ #endif
  
  
  #define CMDTABLESIZE 31		/* should be prime */
***************
*** 486,494 ****
  			if ((statb.st_mode & 010) == 0)
  				goto loop;
  		} else {
! 			if ((statb.st_mode & 01) == 0)
  				goto loop;
  		}
  		TRACE(("searchexec \"%s\" returns \"%s\"\n", name, fullname));
  		INTOFF;
  		cmdp = cmdlookup(name, 1);
--- 491,517 ----
  			if ((statb.st_mode & 010) == 0)
  				goto loop;
  		} else {
! 			if ((statb.st_mode & 01) == 0) {
! #ifdef  BSD
! 				if ((statb.st_mode & 010) == 0)
! 					goto loop;
! 				/* Are you in this group too? */
! 				{
! 					int group_list[NGROUPS];
! 					int ngroups, i;
! 
! 					ngroups = getgroups(NGROUPS, group_list);
! 					for (i = 0; i < ngroups; i++)
! 						if (statb.st_gid == group_list[i])
! 							goto Found;
! 				}
! #endif
  				goto loop;
+ 			}
  		}
+ #ifdef  BSD
+ 	Found:
+ #endif
  		TRACE(("searchexec \"%s\" returns \"%s\"\n", name, fullname));
  		INTOFF;
  		cmdp = cmdlookup(name, 1);
-- 
In-This-Life:    Andrew A. Chernov      | "Hay mas dicha, mas contento
Internet:        ache@astral.msk.su     | "Que adorar una hermosura
FIDOnet:         2:5020/23.34           | "Brujuleada entre los lejos
RELCOM Development Team, Moscow, Russia | "De lo imposible?!" (Calderon)