* Wrote function eaccess (used to be a macro defined as `access'), which swaps real uid and gid with the effective ones, calls access, and reverts the uid/gid. This fixes the test builtin command not working properly when shell is privileged (closes: #245213). Index: pdksh-5.2.14/c_test.c =================================================================== --- pdksh-5.2.14.orig/c_test.c 2008-04-15 20:49:47.000000000 +0200 +++ pdksh-5.2.14/c_test.c 2008-04-15 20:52:50.000000000 +0200 @@ -338,7 +338,7 @@ case TO_FILUID: /* -O */ return test_stat(opnd1, &b1) == 0 && b1.st_uid == ksheuid; case TO_FILGID: /* -G */ - return test_stat(opnd1, &b1) == 0 && b1.st_gid == getegid(); + return test_stat(opnd1, &b1) == 0 && b1.st_gid == kshegid; /* * Binary Operators */ @@ -656,3 +656,36 @@ else bi_errorf("%s", msg); } + + +#ifdef DEBIAN +int eaccess(const char *pathname, int mode) { + int need_setreuid, need_setregid; + int result; + int _errno; + + + + if (( need_setregid = ( kshgid != kshegid ) )) { + setregid( kshegid, kshgid ); + } + + if (( need_setreuid = ( kshuid != ksheuid ) )) { + setreuid( ksheuid, kshuid ); + } + + result = access( pathname, mode ); + _errno = errno; + + if ( need_setregid ) { + setregid( kshgid, kshegid ); + } + + if ( need_setreuid ) { + setreuid( kshuid, ksheuid ); + } + + errno = _errno; + return result; +} +#endif Index: pdksh-5.2.14/main.c =================================================================== --- pdksh-5.2.14.orig/main.c 2008-04-15 20:51:49.000000000 +0200 +++ pdksh-5.2.14/main.c 2008-04-15 20:52:50.000000000 +0200 @@ -269,6 +269,9 @@ ksheuid = geteuid(); + kshuid = getuid(); + kshgid = getgid(); + kshegid = getegid(); safe_prompt = ksheuid ? "$ " : "# "; { struct tbl *vp = global("PS1"); @@ -283,7 +286,7 @@ } /* Set this before parsing arguments */ - Flag(FPRIVILEGED) = getuid() != ksheuid || getgid() != getegid(); + Flag(FPRIVILEGED) = kshuid != ksheuid || kshgid != kshegid; /* this to note if monitor is set on command line (see below) */ Flag(FMONITOR) = 127; Index: pdksh-5.2.14/misc.c =================================================================== --- pdksh-5.2.14.orig/misc.c 2008-04-15 20:49:47.000000000 +0200 +++ pdksh-5.2.14/misc.c 2008-04-15 20:52:50.000000000 +0200 @@ -19,6 +19,7 @@ int isfile)); static const unsigned char *cclass ARGS((const unsigned char *p, int sub)); + /* * Fast character classes */ @@ -311,13 +312,13 @@ ; #else /* OS2 */ #ifndef DEBIAN - setuid(ksheuid = getuid()); - setgid(getgid()); + setuid(ksheuid = kshuid = getuid()); + setgid(kshegid = kshgid = getgid()); #else /* patch from OpenBSD */ - seteuid(ksheuid = getuid()); + seteuid(ksheuid = kshuid = getuid()); setuid(ksheuid); - setegid(getgid()); - setgid(getgid()); + setegid(kshegid = kshgid = getgid()); + setgid(kshegid); #endif /* DEBIAN */ #endif /* OS2 */ } else if (f == FPOSIX && newval) { @@ -1365,3 +1366,4 @@ return b; #endif /* HAVE_GETCWD */ } + Index: pdksh-5.2.14/sh.h =================================================================== --- pdksh-5.2.14.orig/sh.h 2008-04-15 20:49:47.000000000 +0200 +++ pdksh-5.2.14/sh.h 2008-04-15 20:52:50.000000000 +0200 @@ -353,8 +353,12 @@ #define NUFILE 10 /* Number of user-accessible files */ #define FDBASE 10 /* First file usable by Shell */ +#ifndef DEBIAN /* you're not going to run setuid shell scripts, are you? */ #define eaccess(path, mode) access(path, mode) +#else +EXTERN int eaccess( const char * pathname, int mode ); +#endif /* Make MAGIC a char that might be printed to make bugs more obvious, but * not a char that is used often. Also, can't use the high bit as it causes @@ -372,6 +376,9 @@ EXTERN pid_t kshpid; /* $$, shell pid */ EXTERN pid_t procpid; /* pid of executing process */ EXTERN int ksheuid; /* effective uid of shell */ +EXTERN int kshegid; /* effective gid of shell */ +EXTERN int kshuid; /* real uid of shell */ +EXTERN int kshgid; /* real gid of shell */ EXTERN int exstat; /* exit status */ EXTERN int subst_exstat; /* exit status of last $(..)/`..` */ EXTERN const char *safe_prompt; /* safe prompt if PS1 substitution fails */