Package: dash
Version: 0.5.8-2.5
Severity: normal
Tags: patch
nyuszika7h <nyuszik...@gmail.com> writes:
> Indeed, this behavior is certainly wrong and is in violation of the
> POSIX standard.
Is there a reason why the ifdef-outted checks on st_mode
shouldn't be replaced by one call to access(2)?
I've attached a simple patch.
--
Sean Connor
sconnor...@allyinics.org
diff -u dash-0.5.8/debian/changelog dash-0.5.8/debian/changelog
--- dash-0.5.8/debian/changelog
+++ dash-0.5.8/debian/changelog
@@ -1,3 +1,11 @@
+dash (0.5.8-2.6) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Use access(2) to determine if files in path are executable. (closes:
+ #874264).
+
+ -- Sean Connor <sconnor...@allyinics.org> Thu, 26 Oct 2017 14:10:44 -0400
+
dash (0.5.8-2.5) unstable; urgency=low
* Non-maintainer upload.
only in patch2:
unchanged:
--- dash-0.5.8.orig/patches/fix-find_command.patch
+++ dash-0.5.8/patches/fix-find_command.patch
@@ -0,0 +1,28 @@
+Index: dash-0.5.8/src/exec.c
+===================================================================
+--- dash-0.5.8.orig/src/exec.c 2017-10-26 15:31:00.491931222 -0400
++++ dash-0.5.8/src/exec.c 2017-10-26 15:31:12.103931539 -0400
+@@ -409,20 +409,10 @@
+ stunalloc(fullname);
+ goto success;
+ }
+-#ifdef notdef
+- /* XXX this code stops root executing stuff, and is buggy
+- if you need a group from the group list. */
+- if (statb.st_uid == geteuid()) {
+- if ((statb.st_mode & 0100) == 0)
+- goto loop;
+- } else if (statb.st_gid == getegid()) {
+- if ((statb.st_mode & 010) == 0)
+- goto loop;
+- } else {
+- if ((statb.st_mode & 01) == 0)
+- goto loop;
++ if (access(fullname, X_OK))
++ {
++ goto loop;
+ }
+-#endif
+ TRACE(("searchexec \"%s\" returns \"%s\"\n", name, fullname));
+ if (!updatetbl) {
+ entry->cmdtype = CMDNORMAL;
only in patch2:
unchanged:
--- dash-0.5.8.orig/patches/series
+++ dash-0.5.8/patches/series
@@ -0,0 +1 @@
+fix-find_command.patch
