Bug 14622 - csh startup scripts using binary test instead of built-ins
Summary: csh startup scripts using binary test instead of built-ins
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: less (Show other bugs)
(Show other bugs)
Version: 6.2
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-07-25 16:30 UTC by Kendrick Vargas
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-07-25 21:47:18 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to /etc/csh.login (526 bytes, patch)
2000-07-25 16:32 UTC, Kendrick Vargas
no flags Details | Diff
patches to less.csh and lang.csh in /etc/profile.d (863 bytes, patch)
2000-07-25 16:34 UTC, Kendrick Vargas
no flags Details | Diff

Description Kendrick Vargas 2000-07-25 16:30:02 UTC
There are a few startup scripts for the tcsh/csh shell which use the
command 'test' instead of the built-in functions to test a file for
executability, or existance or whatever. The script runs and the tests the
exit status of the command.

Besides being inefficient, this has cause several problems when I have a
script called 'test' in my PATH somewhere before the intended binary.

In the worse case scenario it is possible that someone could find a means
to get a 'test' binary into the user's home directory (via exploiting a
user-level program or some such) and work it in such a way as to not tip
off the user as to it's execution, thus further compromising the user's
account and the system it is located on.

Ideally the startup scripts should be able to be as independent as possible
from the locations of the system binaries, especially when equivalent (and
much faster) shell built-ins exist to get the job done.

I just completed a default installation of RedHat 6.2. I've modified
startup scripts for the following packages and included packages for the
following files:

	setup-2.1.8-1	/etc/csh.login
	less-346-2	/etc/profile.d/less.csh
	initscripts-5.00-1	/etc/profile.d/lang.csh

Whomever wrote these shell scripts seemed to be unaware of the shell
built-in equivalents for 'test' in the csh/tcsh shell. These problems are
apparently not present in the equivalent sh/bash scripts.

Patches follow:
diff -rub profile.d-orig/lang.csh profile.d/lang.csh
--- profile.d-orig/lang.csh     Tue Jul 25 11:22:44 2000
+++ profile.d/lang.csh  Tue Jul 25 11:38:06 2000
@@ -1,7 +1,6 @@
 # /etc/profile.d/lang.csh - set i18n stuff
 
-test -f /etc/sysconfig/i18n
-if ($status == 0) then
+if ( -f /etc/sysconfig/i18n ) then
     eval `sed 's|=C$|=en_US|g' /etc/sysconfig/i18n | sed
's|\([^=]*\)=\([^=]*\)|setenv \1 \2|g' | sed 's|$|;|' `
     if ($?LC_ALL && $?LANG) then
         if ($LC_ALL == $LANG) then
diff -rub profile.d-orig/less.csh profile.d/less.csh
--- profile.d-orig/less.csh     Tue Jul 25 11:22:44 2000
+++ profile.d/less.csh  Tue Jul 25 11:32:25 2000
@@ -1,2 +1,4 @@
 # less initialization script (csh)
-test -x /usr/bin/lesspipe.sh && setenv LESSOPEN "|/usr/bin/lesspipe.sh %s"
+if ( -x /usr/bin/lesspipe.sh ) then
+    setenv LESSOPEN "|/usr/bin/lesspipe.sh %s"
+endif
diff -rub csh.login-orig csh.login
--- csh.login-orig      Tue Jul 25 11:40:26 2000
+++ csh.login   Tue Jul 25 11:48:26 2000
@@ -20,17 +20,14 @@
 setenv HOSTNAME `/bin/hostname`
 set history=1000
 
-test -f $HOME/.inputrc
-if ($status != 0) then
+if ( ! -f $HOME/.inputrc ) then
        setenv INPUTRC /etc/inputrc
 endif
 
-test -d /etc/profile.d
-if ($status == 0) then
+if ( -d /etc/profile.d ) then
        set nonomatch
         foreach i ( /etc/profile.d/*.csh )
-               test -f $i
-               if ($status == 0) then
+               if ( -f $i ) then
                                source $i
                endif
         end

Comment 1 Kendrick Vargas 2000-07-25 16:32:37 UTC
Created attachment 1512 [details]
patch to /etc/csh.login

Comment 2 Kendrick Vargas 2000-07-25 16:34:00 UTC
Created attachment 1513 [details]
patches to less.csh and lang.csh in /etc/profile.d

Comment 3 Bill Nottingham 2000-07-25 17:09:15 UTC
Fixed in initscripts-5.37-1, setup-2.3.2-1.
Reassigning to less for the last fix.


Comment 4 Bernhard Rosenkraenzer 2000-08-03 16:25:38 UTC
Fixed in -5


Note You need to log in before you can comment on or make changes to this bug.