This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 14622 - csh startup scripts using binary test instead of built-ins
csh startup scripts using binary test instead of built-ins
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: less (Show other bugs)
6.2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-07-25 12:30 EDT by Kendrick Vargas
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-07-25 17:47:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to /etc/csh.login (526 bytes, patch)
2000-07-25 12:32 EDT, Kendrick Vargas
no flags Details | Diff
patches to less.csh and lang.csh in /etc/profile.d (863 bytes, patch)
2000-07-25 12:34 EDT, Kendrick Vargas
no flags Details | Diff

  None (edit)
Description Kendrick Vargas 2000-07-25 12:30:02 EDT
There are a few startup scripts for the tcsh/csh shell which use the
command 'test' instead of the built-in functions to test a file for
executability, or existance or whatever. The script runs and the tests the
exit status of the command.

Besides being inefficient, this has cause several problems when I have a
script called 'test' in my PATH somewhere before the intended binary.

In the worse case scenario it is possible that someone could find a means
to get a 'test' binary into the user's home directory (via exploiting a
user-level program or some such) and work it in such a way as to not tip
off the user as to it's execution, thus further compromising the user's
account and the system it is located on.

Ideally the startup scripts should be able to be as independent as possible
from the locations of the system binaries, especially when equivalent (and
much faster) shell built-ins exist to get the job done.

I just completed a default installation of RedHat 6.2. I've modified
startup scripts for the following packages and included packages for the
following files:

	setup-2.1.8-1	/etc/csh.login
	less-346-2	/etc/profile.d/less.csh
	initscripts-5.00-1	/etc/profile.d/lang.csh

Whomever wrote these shell scripts seemed to be unaware of the shell
built-in equivalents for 'test' in the csh/tcsh shell. These problems are
apparently not present in the equivalent sh/bash scripts.

Patches follow:
diff -rub profile.d-orig/lang.csh profile.d/lang.csh
--- profile.d-orig/lang.csh     Tue Jul 25 11:22:44 2000
+++ profile.d/lang.csh  Tue Jul 25 11:38:06 2000
@@ -1,7 +1,6 @@
 # /etc/profile.d/lang.csh - set i18n stuff
 
-test -f /etc/sysconfig/i18n
-if ($status == 0) then
+if ( -f /etc/sysconfig/i18n ) then
     eval `sed 's|=C$|=en_US|g' /etc/sysconfig/i18n | sed
's|\([^=]*\)=\([^=]*\)|setenv \1 \2|g' | sed 's|$|;|' `
     if ($?LC_ALL && $?LANG) then
         if ($LC_ALL == $LANG) then
diff -rub profile.d-orig/less.csh profile.d/less.csh
--- profile.d-orig/less.csh     Tue Jul 25 11:22:44 2000
+++ profile.d/less.csh  Tue Jul 25 11:32:25 2000
@@ -1,2 +1,4 @@
 # less initialization script (csh)
-test -x /usr/bin/lesspipe.sh && setenv LESSOPEN "|/usr/bin/lesspipe.sh %s"
+if ( -x /usr/bin/lesspipe.sh ) then
+    setenv LESSOPEN "|/usr/bin/lesspipe.sh %s"
+endif
diff -rub csh.login-orig csh.login
--- csh.login-orig      Tue Jul 25 11:40:26 2000
+++ csh.login   Tue Jul 25 11:48:26 2000
@@ -20,17 +20,14 @@
 setenv HOSTNAME `/bin/hostname`
 set history=1000
 
-test -f $HOME/.inputrc
-if ($status != 0) then
+if ( ! -f $HOME/.inputrc ) then
        setenv INPUTRC /etc/inputrc
 endif
 
-test -d /etc/profile.d
-if ($status == 0) then
+if ( -d /etc/profile.d ) then
        set nonomatch
         foreach i ( /etc/profile.d/*.csh )
-               test -f $i
-               if ($status == 0) then
+               if ( -f $i ) then
                                source $i
                endif
         end
Comment 1 Kendrick Vargas 2000-07-25 12:32:37 EDT
Created attachment 1512 [details]
patch to /etc/csh.login
Comment 2 Kendrick Vargas 2000-07-25 12:34:00 EDT
Created attachment 1513 [details]
patches to less.csh and lang.csh in /etc/profile.d
Comment 3 Bill Nottingham 2000-07-25 13:09:15 EDT
Fixed in initscripts-5.37-1, setup-2.3.2-1.
Reassigning to less for the last fix.
Comment 4 Bernhard Rosenkraenzer 2000-08-03 12:25:38 EDT
Fixed in -5

Note You need to log in before you can comment on or make changes to this bug.