Return to BSD News archive
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!sun-barr!cs.utexas.edu!uunet!pipex!uknet!mcsun!fuug!kiae!bitcom!kiae!relcom!newsserv From: "Andrew A. Chernov, Black Mage" <ache@astral.msk.su> Newsgroups: comp.os.386bsd.bugs Subject: Fix sh(ash) search for command with another valid group Date: Sat, 10 Apr 93 10:33:37 +0400 Distribution: world Organization: Ha-olahm Yetzirah Message-ID: <UO1fcnh8r7@astral.msk.su> Sender: news-service@newcom.kiae.su Reply-To: ache@astral.msk.su Keywords: sh ash Lines: 75 Problem description: When sh try to find_command() for execution (without full path), it check ONLY ONE current effective group execution permissions, but don't check another valid groups from /etc/group. This assumption is right for SYSV, but wrong for BSD, so we obtain something like: command: permission denied But command still available via full path :-) Solution: Check all valid groups via getgroups() call. *** /usr/src/bin/sh/exec.c.was Tue Apr 16 03:23:04 1991 --- /usr/src/bin/sh/exec.c Sat Apr 10 10:17:24 1993 *************** *** 68,73 **** --- 68,78 ---- #include <sys/stat.h> #include <fcntl.h> #include <errno.h> + #ifdef BSD + #undef BSD /* temporary, already defined in <sys/param.h> */ + #include <sys/param.h> + #include <unistd.h> + #endif #define CMDTABLESIZE 31 /* should be prime */ *************** *** 486,494 **** if ((statb.st_mode & 010) == 0) goto loop; } else { ! if ((statb.st_mode & 01) == 0) goto loop; } TRACE(("searchexec \"%s\" returns \"%s\"\n", name, fullname)); INTOFF; cmdp = cmdlookup(name, 1); --- 491,517 ---- if ((statb.st_mode & 010) == 0) goto loop; } else { ! if ((statb.st_mode & 01) == 0) { ! #ifdef BSD ! if ((statb.st_mode & 010) == 0) ! goto loop; ! /* Are you in this group too? */ ! { ! int group_list[NGROUPS]; ! int ngroups, i; ! ! ngroups = getgroups(NGROUPS, group_list); ! for (i = 0; i < ngroups; i++) ! if (statb.st_gid == group_list[i]) ! goto Found; ! } ! #endif goto loop; + } } + #ifdef BSD + Found: + #endif TRACE(("searchexec \"%s\" returns \"%s\"\n", name, fullname)); INTOFF; cmdp = cmdlookup(name, 1); -- In-This-Life: Andrew A. Chernov | "Hay mas dicha, mas contento Internet: ache@astral.msk.su | "Que adorar una hermosura FIDOnet: 2:5020/23.34 | "Brujuleada entre los lejos RELCOM Development Team, Moscow, Russia | "De lo imposible?!" (Calderon)