Re: Failure of "typeset" and exit status

[Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>]

On May 13,  9:39am, Peter Stephenson wrote:
}
} So you're worried about this
} 
}   % (){ local UID && print Still going; }
}   (anon): failed to change user ID: operation not permitted
}   Still going
} 
} Here's one possibility: in that case, there's no explicit set to UID so
} maybe we should make it local and leave it alone --- I'm not sure how to
} detect a case like this, though.

It's weird that unset produces no error, but local does so even if UID was
previously unset:

torch% unset UID
torch% (){ local UID } 
(anon): failed to change user ID: operation not permitted
torch% (){ unset UID }
torch% 

} Then if you explicitly assign to it
} (in our out of typeset) and *that* fails, return status 1.

I looked at that first, but there is a whole chain of void-returning
functions down from bin_typeset() to the setuid() call that triggers
the warning.  Propagating a non-fatal error would require a lot of
rejiggering.

It appears that the real problem is that UID is typed as an integer,
so "local UID" implicitly assigns zero.  That means that for a process
that IS allowed to change UID, merely declaring it local causes that
process to assume root privilege.  That's clearly both wrong and a
potential security issue.

-- 
Barton E. Schaefer