Red Hat Bugzilla – Bug 433908
"The shell will not run a set-user ID script without this option." should be deleted.
Last modified: 2015-03-04 18:56:38 EST
Description of problem:
There is no influence to run a set-user ID script whether or not option "-b" is
Version-Release number of selected component (if applicable):
Use command "tcsh [-b]" to execute a set-user ID script.
Steps to Reproduce:
1.[test@RHEL5 b]$ cat test.tcsh
2.[test@RHEL5 b]$ ll test.tcsh
-rwsr--r-- 1 test test 23 2008-02-22 10:03 test.tcsh
3.[test@RHEL5 b]$ tcsh -b test.tcsh
4.[test@RHEL5 b]$ tcsh test.tcsh
It outputed "pass" whether option "-b" is used.
"test.tcsh" cann't be executed when option "-b" is not used.
Created attachment 295579 [details]
This is a patch fixing the bug.
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
This request was erroneously denied for the current release of
Red Hat Enterprise Linux. The error has been fixed and this
request has been re-proposed for the current release.
I will propose this to upstream.
Another test case:
$ ll ./suid.sh
-rwsr--r--. 1 root root 42 Jan 17 19:24 suid.sh
$ cat ./suid.sh
$ tcsh ./suid.sh
vvitek # Now I would expect EACCES according to man page
$ tcsh -b ./suid.sh
vvitek # Now I would expect root according to man page
Proposed to upstream: http://bugs.gw.com/view.php?id=119
Upstream likely to reject the patch, as permissions of executing set-user ID script may vary from system to system.
Bugfix was successfully verified on tcsh617-6.17-5.el5 package.
Description of "-b" parameter was updated.
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
Previously, the tcsh(1) man page stated that the shell would not run a set-user ID script without an "-b" argument. This statement was removed from the man page because it is forbidden to run set-user ID scripts in Red Hat Enterprise Linux 5.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.