[Pkg-shadow-devel] Bug#479406: su fails for users with a POSIX script as their login shell
Nicolas François
nicolas.francois at centraliens.net
Wed Jul 22 13:49:37 UTC 2009
On Mon, Jul 20, 2009 at 03:41:40PM +0100, stephane_chazelas at yahoo.fr wrote:
> 2009-07-20 16:03:35 +0200, Nicolas François:
> [...]
> > login is the easiest, su is more complex because the behavior of
> > "su -c <command>" must be defined in this case. So I will just make it as
> > "/bin/sh <shell> -c <command>"
> [..]
> > + if (access (file, R_OK|X_OK) == 0) {
> > + /*
> > + * Assume this is a shell script (with no shebang).
> > + * Interpret it with /bin/sh
> > + */
> > + execle ("/bin/sh", "sh", file, (char *)0, envp);
> [...]
>
> There should be a macro that defines the PATH to "sh". On some
> systems (like Solaris), the standard sh is not in /bin. And you
> might find that some will have several "sh", one for every
> standard or version of standard they conform to, and that being
> defined either at compile time or run time.
Thanks. That should be fixed now.
> Using execvp() would make sure you do the same choice of a shell
> as the libc and would avoid potential problems in future
> hypothetical versions of debian that support several standards.
I would like to avoid having to sanitize the shell, and thus would prefer
not to use execvp.
> You may want to do:
>
> execle ("/bin/sh", "sh", "-", file, (char *)0, envp);
Done.
Best Regards,
--
Nekral
More information about the Pkg-shadow-devel
mailing list