On 10/30/2012 05:06 PM, Andreas Schwab wrote:
> Stefano Lattarini <stefano.lattar...@gmail.com> writes:
>
>> From experimenting, I've found out that bash (4.2.20), when invoked
>> as "sh", doesn't reset the effective user id to the real user id,
>> even if called *without* the '-p' option.
>
> How did you test that?
>
Here we go:
$ cat print-uids.c
#define _GNU_SOURCE
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
int main (void)
{
uid_t ruid, euid, suid;
getresuid (&ruid, &euid, &suid);
printf ("[%d] ruid = %d, euid = %d, suid = %d\n",
getpid(), ruid, euid, suid);
return 0;
}
$ cat system-suid.c | sed 's/^/ /'
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>
int main (void)
{
return system(
"./print-uids"
" && "
"echo {$$} uid: $UID, euid: $EUID"
" && "
"/bin/sh -c 'echo sh{$$} uid: $UID, euid: $EUID'"
" && "
"/bin/bash -c 'echo bash4{$$} uid: $UID, euid: $EUID'"
" && "
"bash-3.0 -c 'echo bash3{$$} uid: $UID, euid: $EUID'"
" && "
"bash-2.0 -c 'echo bash2{$$} uid: $UID, euid: $EUID'"
" && "
"ksh -c 'echo ksh{$$} uid: $(id -r -u), euid: $(id -u)'"
" && "
"dash -c 'echo dash{$$} uid: $(id -r -u), euid: $(id -u)'"
);
}
$ cc -o print-uids print-uids.c
$ cc -o system-suid system-suid.c
$ su -c 'chown root system-suid && chmod u+s system-suid'
Password: ********
$ ls -l system-suid print-uids
-rwxr-xr-x 1 stefano stefano 5167 Oct 30 17:58 print-uids
-rwsr-xr-x 1 root stefano 5293 Oct 30 17:59 system-suid
$ ./system-suid
[8204] ruid = 1000, euid = 0, suid = 0
{8203} uid: 1000, euid: 0
sh{8205} uid: 1000, euid: 0
bash4{8206} uid: 1000, euid: 1000
bash3{8207} uid: 1000, euid: 1000
bash2{8208} uid: 1000, euid: 1000
ksh{8209} uid: 1000, euid: 0
dash{8212} uid: 1000, euid: 0
HTH,
Stefano
