diff options
| author | Peter Stephenson <pws@zsh.org> | 2016-09-30 10:40:27 +0100 |
|---|---|---|
| committer | Peter Stephenson <pws@zsh.org> | 2016-09-30 10:41:44 +0100 |
| commit | d08674ef8c8e4920c2ebfa02f0bef86812f051ee (patch) | |
| tree | 933c87d39a7608eb79064f0aa73af98f0b0a8bb3 | |
| parent | 5cf2ffb327faf84b73beb812ff2f7e9bf08e7ecf (diff) | |
| download | zsh-d08674ef8c8e4920c2ebfa02f0bef86812f051ee.tar.gz zsh-d08674ef8c8e4920c2ebfa02f0bef86812f051ee.tar.xz zsh-d08674ef8c8e4920c2ebfa02f0bef86812f051ee.zip | |
39498: use PRIVILEGED option to decide on problematic parameter imports
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | Src/params.c | 6 | ||||
| -rw-r--r-- | Src/zsh.h | 2 |
3 files changed, 9 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog index b49289b63..d6db9d982 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2016-09-30 Peter Stephenson <p.stephenson@samsung.com> + + * 39498: Src/parmas.c,Src/zsh.h: use PRIVILEGED option to + decide on problematic parameter imports. + 2016-09-30 Mikael Magnusson <mikachu@gmail.com> * 39452 + comment from 39432: Src/Zle/zle_main.c: Call the diff --git a/Src/params.c b/Src/params.c index 87586a209..8271a8b53 100644 --- a/Src/params.c +++ b/Src/params.c @@ -333,7 +333,7 @@ IPDEF6("TRY_BLOCK_ERROR", &try_errflag, varinteger_gsu), IPDEF6("TRY_BLOCK_INTERRUPT", &try_interrupt, varinteger_gsu), #define IPDEF7(A,B) {{NULL,A,PM_SCALAR|PM_SPECIAL},BR((void *)B),GSU(varscalar_gsu),0,0,NULL,NULL,NULL,0} -#define IPDEF7R(A,B) {{NULL,A,PM_SCALAR|PM_SPECIAL|PM_DONTIMPORT_ROOT},BR((void *)B),GSU(varscalar_gsu),0,0,NULL,NULL,NULL,0} +#define IPDEF7R(A,B) {{NULL,A,PM_SCALAR|PM_SPECIAL|PM_DONTIMPORT_SUID},BR((void *)B),GSU(varscalar_gsu),0,0,NULL,NULL,NULL,0} #define IPDEF7U(A,B) {{NULL,A,PM_SCALAR|PM_SPECIAL|PM_UNSET},BR((void *)B),GSU(varscalar_gsu),0,0,NULL,NULL,NULL,0} IPDEF7("OPTARG", &zoptarg), IPDEF7("NULLCMD", &nullcmd), @@ -705,8 +705,8 @@ static int dontimport(int flags) /* If value already exported */ if (flags & PM_EXPORTED) return 1; - /* If security issue when exporting as root */ - if ((flags & PM_DONTIMPORT_ROOT) && (!getuid() || !geteuid())) + /* If security issue when importing and running with some privilege */ + if ((flags & PM_DONTIMPORT_SUID) && isset(PRIVILEGED)) return 1; /* OK to import */ return 0; diff --git a/Src/zsh.h b/Src/zsh.h index 052d754c9..79747d624 100644 --- a/Src/zsh.h +++ b/Src/zsh.h @@ -1802,7 +1802,7 @@ struct tieddata { #define PM_ZSHSTORED (1<<18) /* function stored in zsh form */ /* Remaining flags do not correspond directly to command line arguments */ -#define PM_DONTIMPORT_ROOT (1<<19) /* do not import if running as root */ +#define PM_DONTIMPORT_SUID (1<<19) /* do not import if running setuid */ #define PM_SINGLE (1<<20) /* special can only have a single instance */ #define PM_LOCAL (1<<21) /* this parameter will be made local */ #define PM_SPECIAL (1<<22) /* special builtin parameter */ |