From: Bart Schaefer <schaefer@brasslantern.com>
To: zsh-workers@zsh.org
Subject: Re: Failure of "typeset" and exit status
Date: Wed, 13 May 2015 08:48:27 -0700 [thread overview]
Message-ID: <150513084827.ZM15168@torch.brasslantern.com> (raw)
In-Reply-To: <20150513093945.749366aa@pwslap01u.europe.root.pri>
On May 13, 9:39am, Peter Stephenson wrote:
}
} So you're worried about this
}
} % (){ local UID && print Still going; }
} (anon): failed to change user ID: operation not permitted
} Still going
}
} Here's one possibility: in that case, there's no explicit set to UID so
} maybe we should make it local and leave it alone --- I'm not sure how to
} detect a case like this, though.
It's weird that unset produces no error, but local does so even if UID was
previously unset:
torch% unset UID
torch% (){ local UID }
(anon): failed to change user ID: operation not permitted
torch% (){ unset UID }
torch%
} Then if you explicitly assign to it
} (in our out of typeset) and *that* fails, return status 1.
I looked at that first, but there is a whole chain of void-returning
functions down from bin_typeset() to the setuid() call that triggers
the warning. Propagating a non-fatal error would require a lot of
rejiggering.
It appears that the real problem is that UID is typed as an integer,
so "local UID" implicitly assigns zero. That means that for a process
that IS allowed to change UID, merely declaring it local causes that
process to assume root privilege. That's clearly both wrong and a
potential security issue.
--
Barton E. Schaefer
next prev parent reply other threads:[~2015-05-13 15:48 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-12 2:43 Bart Schaefer
2015-05-12 8:42 ` Peter Stephenson
2015-05-12 9:12 ` Peter Stephenson
2015-05-13 4:59 ` Bart Schaefer
2015-05-13 8:39 ` Peter Stephenson
2015-05-13 15:48 ` Bart Schaefer [this message]
2015-05-13 16:38 ` Peter Stephenson
2015-05-13 17:50 ` Bart Schaefer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=150513084827.ZM15168@torch.brasslantern.com \
--to=schaefer@brasslantern.com \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).