Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

PATCH: 'UID=42 whoami' proceeds despite error

X-seq: zsh-workers 40062
From: Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx>
To: zsh-workers@xxxxxxx
Subject: PATCH: 'UID=42 whoami' proceeds despite error
Date: Fri, 2 Dec 2016 12:08:26 +0000
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= daniel.shahaf.name; h=content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=hEM7s/ud/GOfvEjBSEAD+PbRdeg=; b=AKZkg2 ZrlxPb9mel9d+dWtWJjTtMIL2xqSZgr2u5AiGZOa6JJFEFMCsx8pr/3hSM4X6wDF s4XIWCynTfoB4Yt0QcWYOWToK3tHXaaAk9UvnJxRR7QMJHQCZt4b/ddkF7xLyi+K QDsttw2wgU+X/UV7UpkyjnaK2x6jXBuqFzhbg=
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=smtpout; bh=hEM7s/ud/GOfvEjBSEAD+PbRdeg=; b=d6nG/ KhaJJQasLgbZMPwajLQJXrRxNTk8ZP5d8ltdyeXaEipdghzCW8xHUbS2TuL5RYT6 8G95ctWpdGw4yow88LBqVwv5mMUep9eblXgTpt+D8LsxAnahmAvdseTm5BEUbvJU qYt8My12tKXGwP/RIvndYnHrAcTdJNCVJwJZqs=
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm

With current master, `UID=42 foo` will run 'foo' as the current UID, not
as UID 42, if setuid() failed:

% UID=42 id -u; echo $?
zsh: failed to change user ID: operation not permitted
1000
0
% 

How about the following?

diff --git a/Src/params.c b/Src/params.c
index aa8b196..13fa36e 100644
--- a/Src/params.c
+++ b/Src/params.c
@@ -4060,8 +4060,10 @@ void
 uidsetfn(UNUSED(Param pm), zlong x)
 {
 #ifdef HAVE_SETUID
-    if (setuid((uid_t)x))
+    if (setuid((uid_t)x)) {
 	zwarn("failed to change user ID: %e", errno);
+	errflag |= ERRFLAG_ERROR;
+    }
 #endif
 }
 
@@ -4081,8 +4083,10 @@ void
 euidsetfn(UNUSED(Param pm), zlong x)
 {
 #ifdef HAVE_SETEUID
-    if (seteuid((uid_t)x))
+    if (seteuid((uid_t)x)) {
 	zwarn("failed to change effective user ID: %e", errno);
+	errflag |= ERRFLAG_ERROR;
+    }
 #endif
 }
 
@@ -4102,8 +4106,10 @@ void
 gidsetfn(UNUSED(Param pm), zlong x)
 {
 #ifdef HAVE_SETUID
-    if (setgid((gid_t)x))
+    if (setgid((gid_t)x)) {
 	zwarn("failed to change group ID: %e", errno);
+	errflag |= ERRFLAG_ERROR;
+    }
 #endif
 }
 
@@ -4123,8 +4129,10 @@ void
 egidsetfn(UNUSED(Param pm), zlong x)
 {
 #ifdef HAVE_SETEUID
-    if (setegid((gid_t)x))
+    if (setegid((gid_t)x)) {
 	zwarn("failed to change effective group ID: %e", errno);
+	errflag |= ERRFLAG_ERROR;
+    }
 #endif
 }
 
diff --git a/Test/B02typeset.ztst b/Test/B02typeset.ztst
index 6d85a63..9c56c7e 100644
--- a/Test/B02typeset.ztst
+++ b/Test/B02typeset.ztst
@@ -711,3 +711,13 @@
   typeset isreadonly=still
 1:typeset returns status 1 if setting readonly variable
 ?(eval):2: read-only variable: isreadonly
+
+  if (( UID )); then
+    UID=$((UID+1)) date; echo "Status is printed, $?"
+  else
+    ZTST_skip="cannot test setuid error when tests run as superuser"
+  fi
+0:when cannot change UID, the command isn't run
+# 'date' did not run.
+>Status is printed, 1
+?(eval):2: failed to change user ID: operation not permitted

Follow-Ups:
- Re: PATCH: 'UID=42 whoami' proceeds despite error
  - From: Bart Schaefer
- Re: PATCH: 'UID=42 whoami' proceeds despite error
  - From: Peter Stephenson

Messages sorted by: Reverse Date, Date, Thread, Author