Bug 35714 - /etc/profile incorrectly checks for executable bit
/etc/profile incorrectly checks for executable bit
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: setup (Show other bugs)
7.0
All Linux
low Severity medium
: ---
: ---
Assigned To: Bill Nottingham
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-04-11 18:07 EDT by Philip Rowlands
Modified: 2014-03-16 22:20 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-04-17 22:01:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Philip Rowlands 2001-04-11 18:07:18 EDT
/etc/profile contains the following lines:

for i in /etc/profile.d/*.sh ; do
        if [ -x $i ]; then
                . $i
        fi
done

The test should be for read (-r) rather than execute (-x), because
source'ing a file reads it.

While you're at it, could you also fix /etc/csh.cshrc to use "-r" for this
test?
Comment 1 Trond Eivind Glomsrxd 2001-04-17 17:44:42 EDT
That's not a bug, it's just an easy way to turn it off :)
Comment 2 Philip Rowlands 2001-04-17 22:00:57 EDT
I would respectfully suggest that there are other ways to turn it off without 
requiring this broken behaviour (e.g rename to *.sh.x).

It is a bug because it's no guard against the conditional action successfully 
reading the file (ditto for csh.cshrc). Being able to execve() a file is not 
the same as being able to open() it.

I'm not reporting this to be pedantic; I've seen RPMs packaged by people who 
thought that a script file which is sourced needs read permissions; no more.
Comment 3 Bill Nottingham 2001-06-12 16:14:32 EDT
Will be fixed in 2.4.11-1; thanks!

Note You need to log in before you can comment on or make changes to this bug.