Bug 35714

Summary: /etc/profile incorrectly checks for executable bit
Product: [Retired] Red Hat Linux Reporter: Philip Rowlands <phr>
Component: setupAssignee: Bill Nottingham <notting>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: low    
Version: 7.0CC: rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-04-18 02:01:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Philip Rowlands 2001-04-11 22:07:18 UTC
/etc/profile contains the following lines:

for i in /etc/profile.d/*.sh ; do
        if [ -x $i ]; then
                . $i

The test should be for read (-r) rather than execute (-x), because
source'ing a file reads it.

While you're at it, could you also fix /etc/csh.cshrc to use "-r" for this

Comment 1 Trond Eivind Glomsrxd 2001-04-17 21:44:42 UTC
That's not a bug, it's just an easy way to turn it off :)

Comment 2 Philip Rowlands 2001-04-18 02:00:57 UTC
I would respectfully suggest that there are other ways to turn it off without 
requiring this broken behaviour (e.g rename to *.sh.x).

It is a bug because it's no guard against the conditional action successfully 
reading the file (ditto for csh.cshrc). Being able to execve() a file is not 
the same as being able to open() it.

I'm not reporting this to be pedantic; I've seen RPMs packaged by people who 
thought that a script file which is sourced needs read permissions; no more.

Comment 3 Bill Nottingham 2001-06-12 20:14:32 UTC
Will be fixed in 2.4.11-1; thanks!