From: Harald van Dijk <harald@gigawatt.nl>
To: Denys Vlasenko <vda.linux@googlemail.com>
Cc: DASH shell mailing list <dash@vger.kernel.org>
Subject: Re: $ENV handling depends on defined(linux), why??
Date: Wed, 13 Oct 2021 22:31:00 +0100
Message-ID: <246b57f4-3ff0-d47c-0747-c372166af345@gigawatt.nl>
In-Reply-To: <CAK1hOcM9mQnbsgGz47fYr+A059hr1SW++_25_cGCdVVFfnofUA@mail.gmail.com>

On 13/10/2021 20:17, Denys Vlasenko wrote:
> On Wed, Oct 13, 2021 at 11:56 AM Harald van Dijk <harald@gigawatt.nl> wrote:
>> On 13/10/2021 10:39, Denys Vlasenko wrote:
>>> Who in their right mind would have a *setuid*
>>> shell executable on any system where security matters?
>>
>> I suspect this was originally not for the benefit of setuid shell
>> executables, but setuid shell scripts. Linux does not support those, so
>> the check is considered unnecessary on Linux.
>>
>> However, actually, doing something along those lines is useful even on
>> Linux when setuid applications can be tricked to launch shell processes
>> in insecure ways.
>
> Not sourcing $ENV is nowhere near enough to plug this hole,

Agreed.

> so doing it is still pointless.

If someone were proposing to do this now, then I would agree. But the
fact that this has been in forever makes me personally think there's
nothing gained by changing it now to something we'd already know will
need changing again later: on Linux the only effect of the change would
be to cause conflicts for distros that already picked up the privmode
patches years ago.

For better or worse, what dash implements now, except for the #ifndef
linux, is specified by POSIX, by the way: "ENV shall be ignored if the
user's real and effective user IDs or real and effective group IDs are
different." That'd actually be an argument in favour of the opposite
direction: removing only the #ifndef/#endif to make sure this check is
performed on all operating systems. But as that's less secure than what
bash does, I'd still favour following bash.

Cheers,
Harald van Dijk
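
Added example, not part of the original message and not dash or bash source: the POSIX rule quoted above ("ENV shall be ignored if the user's real and effective user IDs or real and effective group IDs are different") written as a testable C function, next to the case where the check is compiled out. The names `struct creds`, `may_source_env`, `keep_privs` and the `POLICY_DROP_PRIVS` model (reset effective IDs to the real ones unless a flag asks to keep them) are assumptions made for illustration and do not claim to reproduce bash's or the privmode patches' exact behaviour.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Real and effective IDs of a starting shell, passed in so the rule
 * can be exercised without installing a setuid binary. */
struct creds { uid_t ruid, euid; gid_t rgid, egid; };

enum policy {
    POLICY_NO_CHECK,   /* check compiled out (effect of #ifndef linux on Linux) */
    POLICY_POSIX,      /* POSIX: ignore ENV when real/effective IDs differ */
    POLICY_DROP_PRIVS  /* assumed stricter model: also reset effective IDs */
};

static bool ids_differ(const struct creds *c)
{
    return c->ruid != c->euid || c->rgid != c->egid;
}

/* Returns true if $ENV may be sourced. Under POLICY_DROP_PRIVS, and
 * without the (hypothetical) keep_privs flag, *c is updated to the
 * credentials the shell would continue with. */
bool may_source_env(enum policy p, bool keep_privs, struct creds *c)
{
    if (p == POLICY_NO_CHECK || !ids_differ(c))
        return true;
    if (p == POLICY_DROP_PRIVS && !keep_privs) {
        c->euid = c->ruid;
        c->egid = c->rgid;
    }
    return false;
}

int main(void)
{
    /* Credentials of this process; they differ only when run setuid/setgid. */
    struct creds c = { getuid(), geteuid(), getgid(), getegid() };
    bool ok = may_source_env(POLICY_POSIX, false, &c);
    printf("ruid=%ld euid=%ld: ENV %s\n", (long)c.ruid, (long)c.euid,
           ok ? "honoured" : "ignored");
    return 0;
}
```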