Hi,

I noticed the syspatch(8) and sysupgrade(8) ksh scripts test if the
invoking user has the right privileges i.e. (($(id -u) != 0))

The test for the effective user ID number can be bypassed in
syspatch(8) and sysupgrade(8) by sh e.g.
$ id -u
1000
$ sh /usr/sbin/sysupgrade -s
/usr/sbin/sysupgrade[90]: 1000: not found
install: /home/_sysupgrade: Permission denied
$ sh /usr/sbin/syspatch -r
[snip]
/usr/sbin/syspatch[280]: 1000: not found
Reverting patch 012_carp
[snip]

The syspatch(8) and sysupgrade(8) test for the EUID number could be
improved by adding "set +o sh" (see netstart(8)) or by using the
"[[expression]]" test (see sysmerge(8)) or "[expression]" test (see
rcctl(8)) instead of "((expression))" e.g. [ "$(id -u)" -ne 0 ]

Moreover, other scripts could benefit from the addition of the
above-mentioned test for the EUID number e.g. daily(8), weekly(8), and
monthly(8) which are intended to run as root e.g.
$ id -u
1000
$ sh /etc/weekly
install: /var/log/INS@FJvExvWnUh: Permission denied
[snip]

[1] http://man.openbsd.org/ksh#__
[2] http://man.openbsd.org/ksh#test~2
[3] http://man.openbsd.org/ksh#Strict_Bourne_shell_mode

Index: syspatch.sh
===================================================================
RCS file: /cvs/src/usr.sbin/syspatch/syspatch.sh,v
retrieving revision 1.167
diff -u -p -r1.167 syspatch.sh
--- syspatch.sh 7 Dec 2020 21:19:28 -0000       1.167
+++ syspatch.sh 29 Jan 2021 08:04:08 -0000
@@ -276,7 +276,7 @@ set -A _KERNV -- $(sysctl -n kern.versio
 ((${#_KERNV[*]} > 1)) && err "Unsupported release: ${_KERNV[0]}${_KERNV[1]}"
 
 [[ $@ == @(|-[[:alpha:]]) ]] || usage; [[ $@ == @(|-(c|R|r)) ]] &&
-       (($(id -u) != 0)) && err "need root privileges"
+       [ "$(id -u)" -ne 0 ] && err "need root privileges"
 [[ $@ == @(|-(R|r)) ]] && pgrep -qxf '/bin/ksh .*reorder_kernel' &&
        err "cannot apply patches while reorder_kernel is running"
 
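Review bot: The unchanged context line at the top of this hunk, `((${#_KERNV[*]} > 1)) && err`, still uses the ((expression)) form that the mail reports as failing under sh, so replacing only the id -u test leaves that release check with the same problem. The surrounding lines also rely on ksh-only syntax (`set -A`, `[[ ... ]]` with `@(...)` patterns), so switching strict Bourne shell mode off once near the top of the script with "set +o sh", as the mail itself suggests, would cover every such line rather than this one.
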
Index: sysupgrade.sh
===================================================================
RCS file: /cvs/src/usr.sbin/sysupgrade/sysupgrade.sh,v
retrieving revision 1.44
diff -u -p -r1.44 sysupgrade.sh
--- sysupgrade.sh       22 Oct 2020 07:19:42 -0000      1.44
+++ sysupgrade.sh       29 Jan 2021 07:53:31 -0000
@@ -89,7 +89,7 @@ while getopts fknrs arg; do
        esac
 done
 
-(($(id -u) != 0)) && err "need root privileges"
+[ "$(id -u)" -ne 0 ] && err "need root privileges"
 
 if $RELEASE && $SNAP; then
        usage
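
Review bot: The new `[ "$(id -u)" -ne 0 ] && err "need root privileges"` line keeps the fail-open shape that made the original bypassable: err runs only when the test returns true, so any error inside the test (the "1000: not found" case shown in the mail is one) lets the script carry on. Consider inverting it so that anything other than a confirmed uid of 0 aborts, e.g. `[ "$(id -u)" = 0 ] || err "need root privileges"`. The same applies to the matching line in syspatch.sh.
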
Index: daily
===================================================================
RCS file: /cvs/src/etc/daily,v
retrieving revision 1.95
diff -u -p -r1.95 daily
--- daily       20 Oct 2020 22:42:29 -0000      1.95
+++ daily       29 Jan 2021 08:08:44 -0000
@@ -9,6 +9,7 @@ umask 022
 
 PARTOUT=/var/log/daily.part
 MAINOUT=/var/log/daily.out
+[ "$(id -u)" -ne 0 ] && echo "${0##*/}: need root privileges" && exit 1
 install -o 0 -g 0 -m 600    /dev/null $PARTOUT
 install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT
 
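Review bot: The added check in daily prints its message with echo to stdout and chains `&& exit 1` after it, so the error does not reach stderr and the exit depends on echo succeeding. An explicit `if [ "$(id -u)" -ne 0 ]; then echo "${0##*/}: need root privileges" >&2; exit 1; fi` avoids both, and the check would read better placed before the PARTOUT/MAINOUT assignments with a blank line after it. The mail also names weekly(8) and monthly(8), but the patch as shown only touches daily.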
