From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-17838-mason-zsh=primenet.com.au@sunsite.dk>
Received: (qmail 3319 invoked from network); 18 Oct 2002 20:59:40 -0000
Received: from sunsite.dk (130.225.247.90)
  by ns1.primenet.com.au with SMTP; 18 Oct 2002 20:59:40 -0000
Received: (qmail 19567 invoked by alias); 18 Oct 2002 20:59:29 -0000
Mailing-List: contact zsh-workers-help@sunsite.dk; run by ezmlm
Precedence: bulk
X-No-Archive: yes
X-Seq: 17838
Received: (qmail 19552 invoked from network); 18 Oct 2002 20:59:26 -0000
Message-ID: <3DB0762A.7070605@osdl.org>
Date: Fri, 18 Oct 2002 13:59:22 -0700
From: Stephen Hemminger <shemminger@osdl.org>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: zsh-workers@sunsite.dk, zsh-workers@sunsite.dk, zsh-workers@sunsite.dk,
   zsh-workers@sunsite.dk, lkml@vger.kernel.org
Subject: Linux 2.5 and Zsh bug
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

When running zsh on a Linux 2.5 kernel, the prompt always has a hash 
sign '#' rather than the normal user '$'.  This probably happens because 
the shell function privasserted() is returning true for all users.  I 
know nothing about Posix capabilities but the zsh code for this looks 
suspicious.

Code in question:
------------------------------------------------------------
/* isolate zsh bug */
#include <stdio.h>
#include <sys/capability.h>

int
privasserted(void)
{
    if(!geteuid()) {
        printf("geteuid() is root\n");
        return 1;
    }
    else  {
        cap_t caps = cap_get_proc();
        if(caps) {
            printf("caps = %p\n", caps);
            /* POSIX doesn't define a way to test whether a capability set *
             * is empty or not.  Typical.  I hope this is 
conforming...    */
            cap_flag_value_t val;
            cap_value_t n;

            for(n = 0; !cap_get_flag(caps, n, CAP_EFFECTIVE, &val); n++) {
                if(val) {
                    printf("capability %#x is %d\n", n, val);
                    cap_free(caps); /* missing in original zsh code 
memory leak */
                    return 1;
                }
            }
            printf("last capability %#x\n", n);

            cap_free(caps);
        }
    }
    return 0;
}

int main(int argc, const char **argv) {
    printf("%s privledged\n", privasserted() ?  "Is" : "Not");
}

------------------------------------------------
On 2.4.18
caps = 0x8049844
last capability 0x1d
Not privledged

On 2.5.43
caps = 0x804a00c
capability 0 is 1
Is privledged