system/pdksh/patches/042_Debian-eaccess.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

  * Wrote function eaccess (used to be a macro defined as `access'),
    which swaps real uid and gid with the effective ones, calls access,
    and reverts the uid/gid. This fixes the test builtin command not
    working properly when shell is privileged (closes: #245213).
Index: pdksh-5.2.14/c_test.c
===================================================================
--- pdksh-5.2.14.orig/c_test.c	2008-04-15 20:49:47.000000000 +0200
+++ pdksh-5.2.14/c_test.c	2008-04-15 20:52:50.000000000 +0200
@@ -338,7 +338,7 @@
 	  case TO_FILUID: /* -O */
 		return test_stat(opnd1, &b1) == 0 && b1.st_uid == ksheuid;
 	  case TO_FILGID: /* -G */
-		return test_stat(opnd1, &b1) == 0 && b1.st_gid == getegid();
+		return test_stat(opnd1, &b1) == 0 && b1.st_gid == kshegid;
 	/*
 	 * Binary Operators
 	 */
@@ -656,3 +656,36 @@
 	else
 		bi_errorf("%s", msg);
 }
+
+
+#ifdef DEBIAN
+int eaccess(const char *pathname, int mode) {
+	int need_setreuid, need_setregid;
+	int result;
+	int _errno;
+	
+
+	
+	if (( need_setregid = ( kshgid != kshegid ) )) {
+		setregid( kshegid, kshgid );
+	}
+	
+	if (( need_setreuid = ( kshuid  != ksheuid ) )) {
+		setreuid( ksheuid, kshuid );
+	}
+
+	result = access( pathname, mode );
+	_errno = errno;
+
+	if ( need_setregid ) {
+		setregid( kshgid, kshegid );
+	}
+	
+	if ( need_setreuid ) {
+		setreuid( kshuid, ksheuid );
+	}
+
+	errno = _errno;
+	return result;
+}
+#endif	
Index: pdksh-5.2.14/main.c
===================================================================
--- pdksh-5.2.14.orig/main.c	2008-04-15 20:51:49.000000000 +0200
+++ pdksh-5.2.14/main.c	2008-04-15 20:52:50.000000000 +0200
@@ -269,6 +269,9 @@
 
 
 	ksheuid = geteuid();
+	kshuid  = getuid();
+	kshgid  = getgid();
+	kshegid = getegid();
 	safe_prompt = ksheuid ? "$ " : "# ";
 	{
 		struct tbl *vp = global("PS1");
@@ -283,7 +286,7 @@
 	}
 
 	/* Set this before parsing arguments */
-	Flag(FPRIVILEGED) = getuid() != ksheuid || getgid() != getegid();
+	Flag(FPRIVILEGED) = kshuid != ksheuid || kshgid != kshegid;
 
 	/* this to note if monitor is set on command line (see below) */
 	Flag(FMONITOR) = 127;
Index: pdksh-5.2.14/misc.c
===================================================================
--- pdksh-5.2.14.orig/misc.c	2008-04-15 20:49:47.000000000 +0200
+++ pdksh-5.2.14/misc.c	2008-04-15 20:52:50.000000000 +0200
@@ -19,6 +19,7 @@
 			int isfile));
 static const unsigned char *cclass ARGS((const unsigned char *p, int sub));
 
+
 /*
  * Fast character classes
  */
@@ -311,13 +312,13 @@
 		;
 #else /* OS2 */
 #ifndef DEBIAN
-		setuid(ksheuid = getuid());
-		setgid(getgid());
+		setuid(ksheuid = kshuid = getuid());
+		setgid(kshegid = kshgid = getgid());
 #else /* patch from OpenBSD */
-		seteuid(ksheuid = getuid());
+		seteuid(ksheuid = kshuid = getuid());
 		setuid(ksheuid);
-		setegid(getgid());
-		setgid(getgid());
+		setegid(kshegid = kshgid = getgid());
+		setgid(kshegid);
 #endif /* DEBIAN */
 #endif /* OS2 */
 	} else if (f == FPOSIX && newval) {
@@ -1365,3 +1366,4 @@
 	return b;
 #endif /* HAVE_GETCWD */
 }
+
Index: pdksh-5.2.14/sh.h
===================================================================
--- pdksh-5.2.14.orig/sh.h	2008-04-15 20:49:47.000000000 +0200
+++ pdksh-5.2.14/sh.h	2008-04-15 20:52:50.000000000 +0200
@@ -353,8 +353,12 @@
 #define	NUFILE	10		/* Number of user-accessible files */
 #define	FDBASE	10		/* First file usable by Shell */
 
+#ifndef DEBIAN
 /* you're not going to run setuid shell scripts, are you? */
 #define	eaccess(path, mode)	access(path, mode)
+#else
+EXTERN int eaccess( const char * pathname, int mode );
+#endif
 
 /* Make MAGIC a char that might be printed to make bugs more obvious, but
  * not a char that is used often.  Also, can't use the high bit as it causes
@@ -372,6 +376,9 @@
 EXTERN	pid_t	kshpid;		/* $$, shell pid */
 EXTERN	pid_t	procpid;	/* pid of executing process */
 EXTERN	int	ksheuid;	/* effective uid of shell */
+EXTERN	int	kshegid;	/* effective gid of shell */
+EXTERN	int	kshuid;		/* real uid of shell */
+EXTERN	int	kshgid;		/* real gid of shell */
 EXTERN	int	exstat;		/* exit status */
 EXTERN	int	subst_exstat;	/* exit status of last $(..)/`..` */
 EXTERN	const char *safe_prompt; /* safe prompt if PS1 substitution fails */