bug-bash

Re: documentation bug (uid resetting in posix mode)


From: Stefano Lattarini
Subject: Re: documentation bug (uid resetting in posix mode)
Date: Tue, 30 Oct 2012 18:03:29 +0100

On 10/30/2012 05:06 PM, Andreas Schwab wrote:
> Stefano Lattarini <stefano.lattarini@gmail.com> writes:
> 
>> From experimenting, I've found out that bash (4.2.20), when invoked
>> as "sh", doesn't reset the effective user id to the real user id,
>> even if called *without* the '-p' option.
> 
> How did you test that?
>
Here we go:

  $ cat print-uids.c
  #define _GNU_SOURCE
  #include <sys/types.h>
  #include <stdlib.h>
  #include <unistd.h>
  #include <stdio.h>
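  /*
   * Print the real, effective and saved user IDs of the calling process,
   * prefixed with its PID, as a single line on stdout.
   *
   * Returns EXIT_FAILURE if getresuid() fails, 0 otherwise.
   */
  int main (void)
  {
    uid_t ruid, euid, suid;
    /* If the call failed, the three IDs would be left uninitialized and
       the report below would be meaningless, so stop here instead.  */
    if (getresuid (&ruid, &euid, &suid) != 0)
      {
        perror ("getresuid");
        return EXIT_FAILURE;
      }
    /* pid_t and uid_t have no printf conversion of their own (and uid_t
       may be unsigned), so widen them explicitly rather than pass them
       to %d.  */
    printf ("[%ld] ruid = %lu, euid = %lu, suid = %lu\n",
            (long) getpid (), (unsigned long) ruid,
            (unsigned long) euid, (unsigned long) suid);
    return 0;
  }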

  $ cat system-suid.c | sed 's/^/  /'
  #include <sys/types.h>
  #include <stdlib.h>
  #include <unistd.h>
  /*
   * Run ./print-uids and then a series of shells through system(), each
   * one echoing its own PID ($$) together with the real and effective
   * user ID it sees.  The steps are joined with '&&', so the chain stops
   * at the first command that fails.  The ksh and dash steps query id(1)
   * instead of reading $UID/$EUID.
   *
   * Returns whatever system() returns.
   *
   * Security note: system() hands this string to the command interpreter
   * together with the caller's environment, and every program named here
   * other than /bin/sh and /bin/bash is located through the current
   * directory or PATH.  If this binary is given a setuid bit for the
   * experiment, treat it as a throwaway: use it only on a test machine
   * and remove the bit (or the file) afterwards.  Real setuid programs
   * should not call system() at all.
   */
  int main (void)
  {
    /* Adjacent string literals are concatenated by the compiler into one
       command line.  */
    static const char uid_probe_chain[] =
      "./print-uids"
      " && "
      "echo {$$} uid: $UID, euid: $EUID"
      " && "
      "/bin/sh -c 'echo sh{$$} uid: $UID, euid: $EUID'"
      " && "
      "/bin/bash -c 'echo bash4{$$} uid: $UID, euid: $EUID'"
      " && "
      "bash-3.0 -c 'echo bash3{$$} uid: $UID, euid: $EUID'"
      " && "
      "bash-2.0 -c 'echo bash2{$$} uid: $UID, euid: $EUID'"
      " && "
      "ksh -c 'echo ksh{$$} uid: $(id -r -u), euid: $(id -u)'"
      " && "
      "dash -c 'echo dash{$$} uid: $(id -r -u), euid: $(id -u)'";

    return system (uid_probe_chain);
  }

  $ cc -o print-uids print-uids.c
  $ cc -o system-suid system-suid.c

  $ su -c 'chown root system-suid && chmod u+s system-suid'
  Password: ********

  $ ls -l system-suid print-uids
  -rwxr-xr-x 1 stefano stefano 5167 Oct 30 17:58 print-uids
  -rwsr-xr-x 1 root    stefano 5293 Oct 30 17:59 system-suid

  $ ./system-suid
  [8204] ruid = 1000, euid = 0, suid = 0
  {8203} uid: 1000, euid: 0
  sh{8205} uid: 1000, euid: 0
  bash4{8206} uid: 1000, euid: 1000
  bash3{8207} uid: 1000, euid: 1000
  bash2{8208} uid: 1000, euid: 1000
  ksh{8209} uid: 1000, euid: 0
  dash{8212} uid: 1000, euid: 0

HTH,
  Stefano


