Bug 433908 - "The shell will not run a set-user ID script without this option." should be deleted.
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: tcsh617
Version: 5.1
Hardware: i686 Linux
Priority: low
Severity: low
Target Milestone: rc
Target Release: ---
Assigned To: Vojtech Vitek
QA Contact: BaseOS QE - Apps
Keywords: ManPageChange
Reported: 2008-02-21 21:41 EST by Cai Xianchao
Modified: 2015-03-04 18:56 EST
Doc Type: Bug Fix
Doc Text:
Previously, the tcsh(1) man page stated that the shell would not run a set-user ID script without a "-b" argument. This statement was removed from the man page because it is forbidden to run set-user ID scripts in Red Hat Enterprise Linux 5.
Last Closed: 2011-07-21 04:49:13 EDT


Attachments
This is a patch fixing the bug. (681 bytes, patch)
2008-02-21 21:41 EST, Cai Xianchao

Description Cai Xianchao 2008-02-21 21:41:26 EST
Description of problem:
Whether or not option "-b" is used has no effect on running a set-user ID
script.

Version-Release number of selected component (if applicable):
tcsh-6.15.00

How reproducible:
Use command "tcsh [-b]" to execute a set-user ID script.

Steps to Reproduce:
1. [test@RHEL5 b]$ cat test.tcsh
#!/bin/tcsh

echo pass

2. [test@RHEL5 b]$ ll test.tcsh
-rwsr--r-- 1 test test 23 2008-02-22 10:03 test.tcsh

3. [test@RHEL5 b]$ tcsh -b test.tcsh
Pass

4. [test@RHEL5 b]$ tcsh test.tcsh
pass

  
Actual results:
It outputted "pass" whether or not option "-b" is used.

Expected results:
"test.tcsh" can't be executed when option "-b" is not used.

Additional info:
Comment 1 Cai Xianchao 2008-02-21 21:41:26 EST
Created attachment 295579
This is a patch fixing the bug.
Comment 2 RHEL Product and Program Management 2011-01-11 14:58:13 EST
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 3 RHEL Product and Program Management 2011-01-12 10:14:03 EST
This request was erroneously denied for the current release of
Red Hat Enterprise Linux.  The error has been fixed and this
request has been re-proposed for the current release.
Comment 4 Vojtech Vitek 2011-01-17 13:57:34 EST
I will propose this to upstream.

--
Another test case:

$ ll ./suid.sh
-rwsr--r--. 1 root root 42 Jan 17 19:24 suid.sh
$ cat ./suid.sh 
#!/bin/tcsh
whoami
$ whoami
vvitek
$ tcsh ./suid.sh
vvitek # Now I would expect EACCES according to man page
$ tcsh -b ./suid.sh
vvitek # Now I would expect root according to man page
Comment 9 Vojtech Vitek 2011-04-15 12:40:56 EDT
Proposed to upstream: http://bugs.gw.com/view.php?id=119
Comment 10 Vojtech Vitek 2011-04-18 04:26:00 EDT
Upstream is likely to reject the patch, as permissions for executing set-user ID scripts may vary from system to system.
Comment 11 Branislav Náter 2011-06-22 02:39:17 EDT
Bugfix was successfully verified on tcsh617-6.17-5.el5 package.

Description of "-b" parameter was updated.
Comment 12 Miroslav Svoboda 2011-07-01 17:37:03 EDT
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Previously, the tcsh(1) man page stated that the shell would not run a set-user ID script without a "-b" argument. This statement was removed from the man page because it is forbidden to run set-user ID scripts in Red Hat Enterprise Linux 5.
Comment 13 errata-xmlrpc 2011-07-21 04:49:13 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1072.html
Comment 14 errata-xmlrpc 2011-07-21 08:08:53 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1072.html
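
Added example (not part of the bug report or of the tcsh package): the technical note in comment 12 says set-user ID scripts are forbidden on Red Hat Enterprise Linux 5, so a script that carries the bit, like test.tcsh in the description, reflects a mistaken assumption about privilege. This POSIX shell code lists such files under a directory; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Audit helper: report files that have the set-user-ID bit AND start with "#!".

# is_script FILE -> succeeds when the first two bytes of FILE are "#!"
is_script() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = "#!" ]
}

# find_suid_scripts DIR -> prints "path<TAB>interpreter line" for each match
find_suid_scripts() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        if is_script "$f"; then
            printf '%s\t%s\n' "$f" "$(head -n 1 "$f")"
        fi
    done
}

# make_sample DIR -> constructed sample files (not taken from a real system)
make_sample() {
    # Same content and mode (-rwsr--r--) as test.tcsh in the bug description
    printf '#!/bin/tcsh\n\necho pass\n' > "$1/test.tcsh"
    chmod 4744 "$1/test.tcsh"
    # A script without the set-user-ID bit: must not be reported
    printf '#!/bin/sh\necho ok\n' > "$1/plain.sh"
    chmod 0755 "$1/plain.sh"
    # A set-user-ID file that is not a script: must not be reported
    printf 'not a script\n' > "$1/data.bin"
    chmod 4755 "$1/data.bin"
}

# Demo run on the constructed samples
d=$(mktemp -d) && make_sample "$d" && find_suid_scripts "$d"
rm -rf "$d"
```

On a real host, point find_suid_scripts at the file systems to review; each reported path is a candidate for having its set-user-ID bit cleared.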
