From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-45443-ml=inbox.vuxu.org@zsh.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2
Received: from primenet.com.au (ns1.primenet.com.au [203.24.36.2])
	by inbox.vuxu.org (OpenSMTPD) with ESMTP id 171146ca
	for <ml@inbox.vuxu.org>;
	Mon, 17 Feb 2020 02:19:56 +0000 (UTC)
Received: (qmail 19379 invoked by alias); 17 Feb 2020 02:19:46 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List <zsh-workers.zsh.org>
List-Post: <mailto:zsh-workers@zsh.org>
List-Help: <mailto:zsh-workers-help@zsh.org>
List-Unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
X-Seq: 45443
Received: (qmail 28827 invoked by uid 1010); 17 Feb 2020 02:19:46 -0000
X-Qmail-Scanner-Diagnostics: from mail-yb1-f181.google.com by f.primenet.com.au (envelope-from <dana@dana.is>, uid 7791) with qmail-scanner-2.11 
 (clamdscan: 0.102.1/25724. spamassassin: 3.4.2.  
 Clear:RC:0(209.85.219.181):SA:0(-1.9/5.0):. 
 Processed in 2.65536 secs); 17 Feb 2020 02:19:46 -0000
X-Envelope-From: dana@dana.is
X-Qmail-Scanner-Mime-Attachments: |
X-Qmail-Scanner-Zip-Files: |
Received-SPF: pass (ns1.primenet.com.au: SPF record at _netblocks.google.com designates 209.85.219.181 as permitted sender)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:content-transfer-encoding:mime-version
         :subject:message-id:date:cc:to;
        bh=iuJFfLYIQGYTEqXJWaYAvYoOON/vHQBc8i8bm/gHJhA=;
        b=HrGt/ljUD6MoLuzx46yp3lOGGHwx7qGxR+SlaOiB8U9m/fiNxEuojn7WQyy9QfeUq4
         FijMocQMcML5Ng5QPD7Ry2EV4TiZvOa3z9gRSB+9GE0kEPTMKfpyVcwffTIBpWIjyykN
         pOA8bjex/Lk78wvKBIXJaAIUvSSo1wduL88TW8v0x/WH3IThHvkabncUwh69djCDO9fv
         /30e2MMBgXlQiQ24YvJBgo3rNi9dTC6zoNeRq1dECzJoeo892Maci0kivXdIO2er89cS
         IgCeqbSA28VzaeFftiAnmnbdVWqKwhT9F7YGrbBaMdXGkrcBxayb78uipMDJb13foEuA
         4Dhw==
X-Gm-Message-State: APjAAAV42PBOzPXhd0gWBIrHKF2QFi7/c0IYCsQ0RIuYhWhft37tqTqp
	joA3zbHSAnWfj38lH9RUO/ex1s0Y5RsOjw==
X-Google-Smtp-Source: APXvYqzb1kne3XX9mN25B5mfLfmTnZESujxWVRPD6uK1w54zv31azRm2Cf9FcL86BEv3gMRh3LpF8Q==
X-Received: by 2002:a25:9249:: with SMTP id e9mr11784943ybo.421.1581905949118;
        Sun, 16 Feb 2020 18:19:09 -0800 (PST)
From: dana <dana@dana.is>
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\))
Subject: [BUG] Issue with set built-in in 5.8 (?)
Message-Id: <6908034E-BC9E-41B3-8457-111F275AF3A7@dana.is>
Date: Sun, 16 Feb 2020 20:19:07 -0600
Cc: Daniel Shahaf <d.s@daniel.shahaf.name>
To: Zsh hackers list <zsh-workers@zsh.org>
X-Mailer: Apple Mail (2.3608.60.0.2.5)

I think there is arguably a regression in the way the set built-in works =
in
5.8, or at least a change in behaviour that we might consider further. =
The
implications hadn't occurred to me until just now, sorry :/

Unlike setopt, when set gets an error back from dosetopt(), it aborts =
the
shell. Before 5.8, the only errors you were likely to see in the real =
world
were usage-related ones (e.g., `set -b` or `set -o fakeoption`). It =
*was*
possible to get an error if setuid() or setgid() failed, but this should =
be
very rare.

Now, due to the extra error checks we do, it's much more likely that
dosetopt() can return non-zero when unsetting PRIVILEGED: the functions =
might
not be available, the user might not have permission to do initgroups(), =
the
sanity checks at the end might find that we're able to restore =
privileges, &c.

Most of these errors are useful, but i'm not sure they should =
unconditionally
abort the shell.

Possibilities:

1. We could reconsider which errors should be reported and/or make =
dosetopt()
   return non-zero. The main one i have doubts about is the initgroups()
   permission one. It is expected that unprivileged users can't update =
their
   supplementary groups, so warning the user about this condition, let =
alone
   treating it as an error, may be excessive

2. We could do something like have dosetopt() return <0 for halting =
errors and
   >0 for ones non-halting, and have bin_set() handle accordingly

3. I'm over-thinking it

@Daniel, we talked about the first one before, but this particular =
concern
didn't come up at the time =E2=80=94 what do you reckon?

dana


% sudo perl -e '$< =3D 1; $> =3D 2; exec("zsh", "-fc", "id; unsetopt =
privileged; echo still here");'
uid=3D1(daemon) gid=3D1(daemon) euid=3D2 egid=3D0(wheel) groups=3D...
zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed due to =
lack of permissions: EUID=3D2
zsh:unsetopt:1: can't change option: privileged
still here

% sudo perl -e '$< =3D 1; $> =3D 2; exec("zsh", "-fc", "id; set +p; echo =
still here");'
uid=3D1(daemon) gid=3D1(daemon) euid=3D2 egid=3D0(wheel) groups=3D...
zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed due to =
lack of permissions: EUID=3D2
zsh:set:1: can't change option: -p