bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: documentation bug (uid resetting in posix mode)


From: Chet Ramey
Subject: Re: documentation bug (uid resetting in posix mode)
Date: Tue, 30 Oct 2012 14:44:32 -0400

> Stefano Lattarini wrote:
> > Anyway, my /bin/sh is bash ...
> >   $ ls -l /bin/sh
> >   lrwxrwxrwx 1 root root 4 Jul  8  2010 /bin/sh -> bash
> > I'm on Debian Unstable BTW (sorry for not specifying that earlier).
> 
> Let me say this aside on the issue since there is opportunity for some
> confusion.  On Debian the default for new installations is that
> /bin/sh is a symlink to dash.  But existing systems that are upgraded
> will not get this change automatically and will remain as a symlink to
> bash.  It must be specifically selected if desired.

Either way, it doesn't matter.  This is from the debian system(3) man page:

"Do not use system() from a program with set-user-ID or set-group-ID
privileges, because strange values for some environment variables
might be used to subvert system integrity.  Use the exec(3) family of
functions instead, but not execlp(3) or execvp(3).  system() will not,
in fact, work properly from programs with set-user-ID or set-group-ID
privileges on systems on which /bin/sh is bash version 2, since bash 2
drops privileges on startup.  (Debian uses a modified bash which does
not do this when invoked as sh.)"

Though it only references version 2, I assume that debian has continued
the practice of modifying bash.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/



reply via email to

[Prev in Thread] Current Thread [Next in Thread]