[comp.bugs.2bsd] tip bug fix

jack@cadre.dsl.PITTSBURGH.EDU (Jack Nelson) (05/04/88)

Index:	/usr/src/usr.bin/tip/cmds.c  2.10BSD

Description:
	tip(1) will not properly run a shell if the environment
	SHELL is /bin/csh or /bin/tcsh.
Repeat-By:
	Procedure to repeat the problem: try it.  Works ok if SHELL=/bin/sh
	or if .tiprc has a line "SHELL=/bin/sh", but then you get /bin/sh.
Fix:
	Description of how to fix the problem:
	patch cmds.c to use the "-b" option as documented in csh(1) to
	be necessary when you run setuid and try to fork a csh.
	The patch calls sh(1) without that flag, all other with it.  If
	you use some other shell besides csh or tcsh this will not be
	general enough.

UUCP: { akgua | allegra | cmcl2 | idis | ihnp4 | mi-cec | pitt |
	psuvax1 | sun | sunrise | vax135 } ! cadre ! nelslab ! jack
ARPA: jack@cadre.dsl.pittsburgh.edu
John P. Nelson, M.D., 3811 O'Hara St, Pittsburgh, PA 15213, t:412-624-1769
Dept. of Psychiatry, U. of Pittsburgh

Cut:--------------
*** cmds.c.org	Wed Dec 16 16:24:47 1987
--- cmds.c	Fri Mar 25 15:35:15 1988
***************
*** 547,553 ****
  			cp = value(SHELL);
  		else
  			cp++;
! 		execl(value(SHELL), cp, 0);
  		printf("\r\ncan't execl!\r\n");
  		exit(1);
  	}
--- 547,556 ----
  			cp = value(SHELL);
  		else
  			cp++;
! 		if (strcmp(cp,"sh") == 0)
! 			execl(value(SHELL), cp, 0);
! 		else
! 			execl(value(SHELL), cp, "-b", 0);
  		printf("\r\ncan't execl!\r\n");
  		exit(1);
  	}
-- 
John P. Nelson, M.D., 3811 O'Hara St, Pittsburgh, PA 15213, t:412-624-1769 Dept. of Psychiatry, U. of Pittsburgh
UUCP: { akgua | allegra | cmcl2 | idis | ihnp4 | mi-cec | pitt | psuvax1 | sun | sunrise | vax135 } ! cadre ! jack
ARPA: jack@cadre.dsl.pittsburgh.edu

rcodi@yabbie.rmit.oz (Ian Donaldson) (05/08/88)

From article <1160@cadre.dsl.PITTSBURGH.EDU>, by jack@cadre.dsl.PITTSBURGH.EDU (Jack Nelson):
> Index:	/usr/src/usr.bin/tip/cmds.c  2.10BSD
> 
> Description:
> 	tip(1) will not properly run a shell if the environment
> 	SHELL is /bin/csh or /bin/tcsh.
 ...
> Fix:
> 	Description of how to fix the problem:
> 	patch cmds.c to use the "-b" option as documented in csh(1) to
> 	be necessary when you run setuid and try to fork a csh.

No!  That is definitely NOT the fix.  You should instead do a:

	setuid(getuid());
	setgid(getgid());

before you exec the shell!!
(same bug in 4.3bsd tip)

Ian D

rcodi@yabbie.rmit.oz (Ian Donaldson) (05/08/88)

In article <759@yabbie.rmit.oz>, rcodi@yabbie.rmit.oz (Ian Donaldson) writes:
> No!  That is definitely NOT the fix.  You should instead do a:
> 
> 	setuid(getuid());
> 	setgid(getgid());

A temporary workaround for those without source is to make tip a non-s[ug]id
program and make /usr/spool/uucp mode 777 (like Suns do it).  (yuk).

Ian D