Configuration Information [Automatically generated, do not change]:
Machine: i386
OS: solaris2.11
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i386' -DCONF_OSTYPE='solaris2.11' -DCONF_MACHTYPE='i386-pc-solaris2.11' -DCONF_VENDOR='pc' -DLOCALEDIR='/usr/local/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H -DSOLARIS -I. -I. -I./include -I./lib -g -O2
uname output: SunOS monkey.headgear.org 5.11 snv_151a i86pc i386 i86pc
Machine Type: i386-pc-solaris2.11

Bash Version: 4.1
Patch Level: 9
Release Status: release

Description:
	On Solaris 11, when root (as after 'su -' or from cron) uses bash's built-in test to test for executability, it always succeeds, even when the file is not executable. This is because sh_eaccess() ends up calling access(2), which is basically documented to have this behavior.

	I saw this on the 4.0.28 that ships with Solaris 11 Express (11/10), as well as a 4.0 that I built from source and a 4.1.9 that I built from source. The problem is not present in the bash 3.00.16 that I've got on one of our Solaris 10 systems, so I'll be filing a bug with them as well.

Repeat-By:
	monkey 16:49 /var/tmp # touch normal-file
	monkey 16:49 /var/tmp # ls -l normal-file
	-rw-r--r-- 1 root root 0 Jan 4 16:49 normal-file
	monkey 16:49 /var/tmp # bash -c '[ -x normal-file ] && echo bad || echo no problem'
	bad
	monkey 16:49 /var/tmp # su cloyce -c "bash -c '[ -x normal-file ] && echo bad || echo no problem'"
	no problem

Fix:
	The patch below "fixes" the problem. There are probably some subtleties that escape me, though.

--- lib/sh/eaccess.c.orig 2011-01-04 16:50:19.902373804 -0800 +++ lib/sh/eaccess.c 2011-01-04 16:51:59.704669572 -0800 @@ -206,6 +206,7 @@ #elif defined (EFF_ONLY_OK) /* SVR4(?), SVR4.2 */ return access (path, mode|EFF_ONLY_OK); #else + if (current_user.uid != 0 && current_user.euid != 0) { if (mode == F_OK) return (sh_stataccess (path, mode)); @@ -216,6 +217,7 @@ if (current_user.uid == current_user.euid && current_user.gid == current_user.egid) return (access (path, mode)); + } return (sh_stataccess (path, mode)); #endif
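
Review bot: The guard added at the top of the #else branch in the first hunk, `if (current_user.uid != 0 && current_user.euid != 0) {`, does not look at `mode`, so root stops using access() for R_OK and W_OK tests as well, although the report only concerns -x. Consider restricting the bypass to requests that include X_OK, and add a comment saying why access() cannot be trusted for root here. The `#elif defined (EFF_ONLY_OK)` branch just above still returns `access (path, mode|EFF_ONLY_OK)` unchanged; it is worth confirming whether builds that take that branch need the same treatment.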
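
Review bot: With the closing `}` added after `return (access (path, mode));` in the second hunk, root now always falls through to `return (sh_stataccess (path, mode));`, so the fix depends entirely on how that function treats uid 0 with X_OK, which these hunks do not show; please state in the submission that this path was checked against the Repeat-By case. The statements enclosed by the new braces appear only as context lines, so they keep their old indentation; re-indent them so the new block is visible when reading the code.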