[debian-mysql] Bug#975911: mariadb-client: appears to ignore ~/.editrc keybind settings

Trevor Cordes debian at tecnopolis.ca
Sat May 22 02:58:29 BST 2021 

On Thu, 26 Nov 2020 12:50:26 -0500 The Wanderer <wanderer at fastmail.fm>
wrote:
> On 2020-11-26 at 09:43, The Wanderer wrote:
> 
> > Package: mariadb-client
> > Version: 1:10.5.8-3
> > Severity: normal
> > 
> > Prior to the upgrade, in an interactive session within the 'mysql'
> > terminal-based client, Ctrl+W would kill everything to the left of
> > the cursor up to the first word boundary (which in practice
> > appeared to mean "whitespace"), but nothing to the left of that
> > point.
> > 
> > This is apparently not the default, but I have it configured in
> > ~/.editrc. The contents of that file are as follows:
>
> Either way, the fact that ~/.editrc does not seem to be being
> respected is still an issue, which may or may not reside in
> mariadb-client. This additional discovery may simply mean that it was
> being ignored previously as well, I just hadn't noticed.

Hi, this is also bugging me on Fedora 32.  Digging deep into the
library chain and source code, it almost certainly is a libedit issue.
Linux doesn't have issetugid(), and in src/el.c in libedit
(2019-something thru 20210419 versions) it clearly only reads editrc if
issetugid is available.

The upstream here is http://thrysoee.dk/editline/, and it has this
changelog:

====
2013-07-10 Jess Thrysoee

   * version-info: 0:46:0

   * configure.ac, src/el.c: ~/.editrc was never sourced on Linux.
	On Linux issetugid is not available. When unable to determine if
	the current process is tainted, we did not trust the HOME
     environment variable and therefore could not load ~/.editrc.
	Now instead use secure_getenv or a issetugid based
     implementation of secure_getenv. Patch by Paolo Tosco.
====

Which means at one time this was fixed.  That's why this used to work
for us.  But something must have regressed in the source, and the fix
code which I think is the stuff dealing with HAVE_SECURE_GETENV defines
near the top of el.c doesn't actually help at all anymore.

A quick fix would be to fudge the source having to do with issetugid to
just not check the ifdef nor call the function.  Of course, that could
be a security hole if somehow it gets run in a setuid/gid context.

I have contacted the thrysoee.dk maintainer about getting this fixed in
his version, which will automatically trickle down to fix this for us
in deb & fedora.

More information about the pkg-mysql-maint mailing list