[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Possible Bug in command and type posix compliance

From: Michael S
Subject: Possible Bug in command and type posix compliance
Date: Fri, 5 Apr 2019 02:28:05 -0400


I believe I have found a bug when using the posix compliant bash. From this
page point 53
https://www.gnu.org/software/bash/manual/html_node/Bash-POSIX-Mode.html it
states that type and command should not return a binary that is non
executable. For most cases this is currently true and the check when
searching the patch ensures this in type.def. However in the case that the
user has tried to execute the program and the command has been added to
that hash table the check fails.

Here is a contrived example where I modified useradd2 to be denied for my

address@hidden ~/code/bash $ ./bash --posix
bash-5.0$ command -V useradd2
bash: command: useradd2: not found
bash-5.0$ type useradd2
bash: type: useradd2: not found
bash-5.0$ useradd2
bash: /usr/sbin/useradd2: Permission denied
bash-5.0$ command -V useradd2
useradd2 is hashed (/usr/sbin/useradd2)
bash-5.0$ type useradd2
useradd2 is hashed (/usr/sbin/useradd2)

The following patch fixes the issue and causes consistent results to be

diff --git a/builtins/type.def b/builtins/type.def
index 699ecd20..0d5bf7e8 100644
--- a/builtins/type.def
+++ b/builtins/type.def
@@ -333,7 +333,7 @@ describe_command (command, dflags)

   /* If the user isn't doing "-a", then we might care about
      whether the file is present in our hash table. */
-  if (all == 0 || (dflags & CDESC_FORCE_PATH))
+  if ((all == 0 || (dflags & CDESC_FORCE_PATH)) && !posixly_correct)
       if (full_path = phash_search (command))

I picked this fix since we can reuse all the logic already in place to make
sure the file is executable later in the program. If you are really trying
to squeeze out extra performance and minimize a few syscalls an additional
check could be done here instead to verify you have permissions but I'll
leave that up for discussion provided others think this is valid.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]