dj@dorsai.cognet.ucla.edu (David J. Wells) (11/16/88)
ENVIRONMENT: SR10.0 BSD 4.3
HARDWARE: Irrelevant.
DESCRIPTION: /bin/sh recognizes the ksh variable ENV, so most Bourne
Shell scripts try to execute your ksh environment script
(typically ~/.kshrc). Standard BSD 4.3 does not exhibit
this behavior. Two examples of affected software are
Pnews and lint, both /bin/sh scripts.
WORK AROUND: Check to see if ksh is running the environment script.
if [ $0 != /bin/ksh -a $0 != "-ksh" ]; then
exit 0
fi
{ksh script here}
This approach does not handle su's.
FIX 1: One way to take care of this is to copy /bin/ksh to
/bin/sh. I haven't tried this, but it is suggested in
the ksh documentation.
FIX 2: I have modifed /bin/sh, overwriting the string "ENV" with
0xFF's, so that /bin/sh no longer knows about the ENV
environment variable. Thanks to Casey Leedom for the
code from his sendmail virus fix.
# cc fix-ENV.c -o fix-ENV
# cp /bin/sh /bin/sh-ENV
# ./fix-ENV
# mv /bin/sh /bin/sh-dist
# mv /bin/sh-ENV /bin/sh
DISCLAIMER: I believe that fix 2 is correct, but I make no claims
as to its inerrancy. Also, this is *my* posting; UCLA
has no responsibility for the accuracy of this fix.
David
----- cut here ----- save this as fix-ENV.c ----- cut here -----
#include <stdio.h>
#include <sys/file.h>
#include <apollo_$std.h>
static char buf[sizeof("ENV")];
main(int argc, char **argv)
{
int fd, n, i;
long ENV_offset;
extern int errno;
ENV_offset = 25292L; /* strings -o -3 /bin/sh | egrep ENV */
fd = open("/bin/sh-ENV", O_RDWR);
if (fd < 0) {
perror("open: /bin/sh-ENV");
exit(1);
}
if (lseek(fd, ENV_offset, L_SET) < 0) {
perror("lseek: /bin/sh-ENV");
exit(1);
}
n = read(fd, buf, sizeof(buf));
if (n < 0) {
perror("read: /bin/sh-ENV");
exit(1);
}
if (n != sizeof(buf)) {
fprintf(stderr, "%s: unable to read %d bytes, only got %d.\n",
argv[0], sizeof(buf), n);
exit(1);
}
if (strncmp(buf, "ENV", sizeof(buf))) {
fprintf(stderr, "%s: offset %ld in /bin/sh-ENV does not contain\n",
argv[0], ENV_offset);
fprintf(stderr, "the word \"ENV\". /bin/sh-ENV NOT changed.\n");
exit(1);
}
if (lseek(fd, ENV_offset, L_SET) < 0) {
perror("lseek");
exit(1);
}
for (i = 0; i < sizeof(buf) && buf[i]; i++)
buf[i] = '\377';
n = write(fd, buf, sizeof(buf));
if (n < 0) {
perror("write");
exit(1);
}
if (n != sizeof(buf)) {
fprintf(stderr, "%s: unable to write %d bytes, only got %d out!.\n",
argv[0], sizeof(buf), n);
fprintf(stderr, "/bin/sh-ENV may be corrupted!!!\n");
exit(1);
}
if (close(fd) < 0) {
perror("close");
fprintf(stderr, "%s: /bin/sh-ENV was written to successfully before close failed.\n",
argv[0]);
fprintf(stderr, "/bin/sh-ENV may be corrupted!!!\n");
exit(1);
}
fprintf(stderr, "/bin/sh-ENV successfully modified!\n");
exit(0);
}
David J Wells
dj@cs.ucla.edu
w213/206-3960brian@apollo.COM (Brian Holt) (11/30/88)
In article <17939@shemp.CS.UCLA.EDU> dj@dorsai.cognet.ucla.edu (David J. Wells) writes: > >ENVIRONMENT: SR10.0 BSD 4.3 >DESCRIPTION: /bin/sh recognizes the ksh variable ENV, so most Bourne > Shell scripts try to execute your ksh environment script > (typically ~/.kshrc). Standard BSD 4.3 does not exhibit > this behavior. Two examples of affected software are > Pnews and lint, both /bin/sh scripts. > This problem was noted after sr10 shipped. It has been fixed in sr10.1. The Bourne Shell now looks for SHENV instead of ENV. =brian Disclaimer: I don't work on this stuff anymore, I just tend to keep my ears open. -- Internet: brian@apollo.COM UUCP: {decvax,mit-erl,yale}!apollo!brian NETel: Apollo: 508-256-6600 x5694 Home: 617-332-3073 FISA: 617-964-8938 USPS: Apollo Computer, Chelmsford MA Home: 29 Trowbridge St. Newton MA (Copyright 1988 by author. All rights reserved. Free redistribution allowed.)