Commit ID: 10052176CB912FE954B CVSROOT: /cvs Module name: src Changes by: t...@herc.mirbsd.org 2013/08/23 14:07:41 UTC
Modified files: distrib/special/mksh: Makefile bin/mksh : Build.sh Makefile check.t misc.c mksh.1 sh.h Log message: SECURITY: Unbreak “set +p”, broken by OpenBSD ksh change. TODO: I am seriously considering following Chet and changing the way this works, by explicitly dropping privs unless the shell is run with -p. Every other shell does it like mksh, except Heirloom sh, which on the other hand doesn’t know any explicit set -p or set +p (though it doesn’t know set +foo for any foo either). ┌──┤ QUESTION: Do we need the ability to do this: │ tg@blau:~ $ ./suidmksh -p -c 'whoami; set +p; whoami' │ root │ tg If not, I’m seriously considering to drop set ±p as well, only parse -p on the command line, with +p being the default, and dropping FPRIVILEGED. Thanks to RT for noticing and jilles for initial follow-up discussion, as well as Chet Ramey for doing the sane/secure thing instead of following Debian. To generate a diff of this changeset, execute the following commands: cvs -R rdiff -kk -upr1.71 -r1.72 src/distrib/special/mksh/Makefile cvs -R rdiff -kk -upr1.645 -r1.646 src/bin/mksh/Build.sh cvs -R rdiff -kk -upr1.124 -r1.125 src/bin/mksh/Makefile cvs -R rdiff -kk -upr1.630 -r1.631 src/bin/mksh/check.t cvs -R rdiff -kk -upr1.214 -r1.215 src/bin/mksh/misc.c cvs -R rdiff -kk -upr1.320 -r1.321 src/bin/mksh/mksh.1 cvs -R rdiff -kk -upr1.668 -r1.669 src/bin/mksh/sh.h