We found that the real and effective UID are swapped after the ksh script enters
an if clause in a newer version of ksh (Version JM 93t+ 2010-06-21). Below,
test1 is a C program with setuid root execution turned on. test1 is calling
test2, a ksh script. This is an AIX environment.
# cat /tmp/test1.c
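#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void)
{
    uid_t rl_uid, ef_uid;

    printf("==== From main ; c program ====\n");
    /* Report the real UID of the calling user. */
    if ((uid_t)-1 == (rl_uid = getuid()))
        perror("getuid() error.");
    else
        printf("The real UID is: %u\n", (unsigned)rl_uid);
    /* Report the effective UID (0 when the binary is setuid root). */
    if ((uid_t)-1 == (ef_uid = geteuid()))
        perror("geteuid() error.");
    else
        printf("The effective UID is: %u\n", (unsigned)ef_uid);
    printf("\n=== Calling script /tmp/test2\n");
    /* Run the ksh script as a child of this setuid process. */
    system("/tmp/test2");
    return 0;
}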
# cat /tmp/test2
#!/bin/ksh93
set -x
print "=== From test2 ======================"
print ${.sh.version}
id
id -u
whoami
if [[ -e /etc/hosts ]]
then
print "=== Inside if"
id
id -u
whoami
fi
print "=== After if"
id
id -u
whoami
(10:49:21) c8f2c4vp1:/ # uname -a
AIX c8f2c4vp1 1 6 00C231EF4C00
(10:49:31) c8f2c4vp1:/ # id
uid=60230(user230) gid=1(staff)
(10:49:59) c8f2c4vp1:/ # ls -l /tmp/test1
-r-sr-xr-x 1 root system 5822 Mar 26 10:42 /tmp/test1*
### Output when test2 is running with ksh93. The real and effective UID remain
the same throughout test1 and test2.
(10:50:06) c8f2c4vp1:/ # /tmp/test1
==== From main ; c program ====
The real UID is: 60230
The effective UID is: 0
=== Calling script /tmp/test2
+ print '=== From test2 ======================'
=== From test2 ======================
+ print Version M-12/28/93e
Version M-12/28/93e
+ id
uid=60230(user230) gid=1(staff) euid=0(root)
+ id -u
0
+ whoami
root
+ [[ -e /etc/hosts ]]
+ print '=== Inside if'
=== Inside if
+ id
uid=60230(user230) gid=1(staff) euid=0(root)
+ id -u
0
+ whoami
root
+ print '=== After if'
=== After if
+ id
uid=60230(user230) gid=1(staff) euid=0(root)
+ id -u
0
+ whoami
root
### test2 with the new ksh version. The real and effective UID are swapped from inside
the if statement and remain like that from that point on.
(10:52:46) c8f2c4vp1:/ # /tmp/test1
==== From main ; c program ====
The real UID is: 60230
The effective UID is: 0
=== Calling script /tmp/test2
+ print '=== From test2 ======================'
=== From test2 ======================
+ print Version JM 93t+ 2010-06-21 MM-1302
Version JM 93t+ 2010-06-21 MM-1302
+ id
uid=60230(user230) gid=1(staff) euid=0(root)
+ id -u
0
+ whoami
root
+ [[ -e /etc/hosts ]]
+ print '=== Inside if'
=== Inside if
+ id
uid=0(root) gid=1(staff) euid=60230(user230) <==== real and effective UID swapped from here on.
+ id -u
60230
+ whoami
user230
+ print '=== After if'
=== After if
+ id
uid=0(root) gid=1(staff) euid=60230(user230)
+ id -u
60230
+ whoami
user230
I don't know which behaves correctly. Is this a bug in the new ksh version?
Thanks,
Tru.
_______________________________________________
ast-developers mailing list
[email protected]
http://lists.research.att.com/mailman/listinfo/ast-developers
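
Added example, not part of the original post: a small POSIX sh checker that reads a `set -x` trace like the two above and reports the first point where the real/effective UID pair printed by `id` changes, so the regression can be caught without reading the trace by eye. The function names are hypothetical; it assumes the `id` output format shown in the post, where `euid=` is omitted when it equals `uid=`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the post.

# parse_id_line LINE -> prints "RUID:EUID", fails if LINE is not id(1) output.
# id prints euid= only when it differs from uid=, so a missing euid= field
# means the effective UID equals the real UID.
parse_id_line() {
    ruid=$(printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\).*/\1/p')
    euid=$(printf '%s\n' "$1" | sed -n 's/.* euid=\([0-9][0-9]*\).*/\1/p')
    [ -n "$ruid" ] || return 1
    printf '%s:%s\n' "$ruid" "${euid:-$ruid}"
}

# classify_transition BEFORE AFTER -> unchanged | swapped | changed
# BEFORE and AFTER are "RUID:EUID" pairs as printed by parse_id_line.
classify_transition() {
    b_r=${1%%:*}; b_e=${1##*:}
    a_r=${2%%:*}; a_e=${2##*:}
    if [ "$1" = "$2" ]; then
        echo unchanged
    elif [ "$b_r" = "$a_e" ] && [ "$b_e" = "$a_r" ]; then
        echo swapped
    else
        echo changed
    fi
}

# scan_trace: read a trace on stdin and print one report line for every
# id(1) output line whose RUID:EUID pair differs from the previous one.
scan_trace() {
    prev=""; n=0
    while IFS= read -r line; do
        n=$((n + 1))
        cur=$(parse_id_line "$line") || continue   # skip non-id lines
        if [ -n "$prev" ] && [ "$cur" != "$prev" ]; then
            printf 'line %d: %s (%s -> %s)\n' "$n" \
                "$(classify_transition "$prev" "$cur")" "$prev" "$cur"
        fi
        prev=$cur
    done
}

# Demo input: lines taken from the second trace in the post above.
scan_trace <<'EOF'
+ id
uid=60230(user230) gid=1(staff) euid=0(root)
+ print '=== Inside if'
+ id
uid=0(root) gid=1(staff) euid=60230(user230)
EOF
```

Feeding it the first trace (ksh93 Version M-12/28/93e) produces no report lines, since every `id` line there carries the same pair.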