Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #11598
| Path | csiph.com!au2pb.net!usenet.blueworldhosting.com!feeder01.blueworldhosting.com!peer01.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!nntp.club.cc.cmu.edu!micro-heart-of-gold.mit.edu!bloom-beacon.mit.edu!bloom-beacon.mit.edu!171.64.64.130.MISMATCH!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Linda Walsh <bash@tlinx.org> |
| Newsgroups | gnu.bash.bug |
| Subject | bad handling of error conditions in "type -P' |
| Date | Fri, 09 Oct 2015 16:21:57 -0700 |
| Lines | 74 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.26.1444432950.7904.bug-bash@gnu.org> (permalink) |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=UTF-8; format=flowed |
| Content-Transfer-Encoding | 7bit |
| X-Trace | usenet.stanford.edu 1444432951 19572 208.118.235.17 (9 Oct 2015 23:22:31 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bug-bash <bug-bash@gnu.org> |
| Envelope-to | bug-bash@gnu.org |
| User-Agent | Thunderbird |
| X-detected-operating-system | by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] |
| X-Received-From | 173.164.175.65 |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.14 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/bug-bash> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| X-Received-Bytes | 4272 |
| X-Received-Body-CRC | 1456713962 |
| Xref | csiph.com gnu.bash.bug:11598 |
Show key headers only | View raw
I've run across several problems with how type -P returns errors. 1) if a file isn't executable, type returns it anyway in > ls -l /sbin/scat -r--r--r-- 1 root root 245663 Nov 19 2013 /sbin/scat > type -P scat /sbin/scat 2) if a file is inaccessible, type still returns it an answer for the path of an executable named 'scat1': > ls -l /sbin/scat1 ---------- 1 root root 245663 Nov 19 2013 /sbin/scat1 > type -P scat1 /sbin/scat1 3) bash "knows better" because it doesn't do this in "posix mode" 4) if it doesn't find the file it returns a status code meaning 'EPERM' rather than 'ENOENT'. (ENOENT No such file or directory (POSIX.1)) This is true in normal mode or posix mode. 5) if the file is executable for root, it is still return as an answer for 'type -P': > ls -l /sbin/scat2 ---x------ 1 root root 245663 Nov 19 2013 /sbin/scat2 > type -P scat2 /sbin/scat2 6) if bash is in posix mode it will find '/sbin/scat2' only if the owner is root (good), BUT for a non-root user, a return code of '1' is return whether it the file exists or not. NOTE: by 'coincidence' on linux, 1=EPERM, which would be correct for /sbin/scat2, but it also returns '1' for the "ENOENT" case. 7) if the file is NOT owned by root, type -P returns the alien-owned file (this seems like it would be a security risk -- but it is also in the kernel, so bash behaving differently, though correct, would be inconsistent with the insecure behavior of the kernel: > ls -l /sbin/ucat2 ---x--x--- 1 nobody nogroup 245663 Nov 19 2013 /sbin/ucat2 > type -P ucat2 #(normal user) # type -P ucat2 #(root user is unprotected) /sbin/ucat2 Proposals: 1) It seems the non-posix mode should parallel the posix mode in this case. 2) type should return 'EPERM' if it finds an executable owned by someone else that isn't allowed execution by the caller. 3) if no file with any executable bits is set it should return status 'ENOENT'. 4) Ideally root would not behave differently from the normal user case, since ownership by a non-priviledged user might indicate a security problem, HOWEVER, this should be brought to the attention of the kernel folks for an explanation why root can execute files owned by suspect users. Perhaps Bash being different in this case would be a best course, as it is doing a path seach, while in the kernel case, it should only be allowed if an absolute path was given (with no PATH search). I regard this as rather broken, as it gives useless, wrong and insecure answers depending on the case. I also think bash, having had it's behavior changed due to posix rules should be using posix standard errno names, doesn't that make sense? Cheers, L. Walsh
Back to gnu.bash.bug | Previous | Next | Find similar
bad handling of error conditions in "type -P' Linda Walsh <bash@tlinx.org> - 2015-10-09 16:21 -0700
csiph-web