From 334ed65e2765062a449897d70925255929eae8a8 Mon Sep 17 00:00:00 2001
From: Daniel Shahaf
Date: Fri, 2 Dec 2016 12:08:26 +0000
Subject: [PATCH] 40068: Abort execution when setuid/setgid fail.
The incumbent code would print an error message and continue execution with the previous uid/gid values, not even setting lastval: % UID=42 id -u; echo $? zsh: failed to change user ID: operation not permitted 1000 0 %
---
 ChangeLog | 3 +++
 Src/params.c | 8 ++++----
 Test/B02typeset.ztst | 10 ++++++++++
 3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 20574d17e..eb29a06cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2016-12-03 Daniel Shahaf
+ * 40068: Src/params.c, Test/B02typeset.ztst: Abort execution
+ when setuid/setgid fail.
+
 * 40067: Src/Zle/comp.h, Src/Zle/complete.c, Src/params.c: internal: Document 'cmatcher', parse_cmatcher(), 'comptoend', unsetparam_pm(), and getindex().
diff --git a/Src/params.c b/Src/params.c
index 21a910190..c64d7486b 100644
--- a/Src/params.c
+++ b/Src/params.c
@@ -4077,7 +4077,7 @@ uidsetfn(UNUSED(Param pm), zlong x)
 {
 #ifdef HAVE_SETUID
 if (setuid((uid_t)x))
- zwarn("failed to change user ID: %e", errno);
+ zerr("failed to change user ID: %e", errno);
 #endif
 }
@@ -4098,7 +4098,7 @@ euidsetfn(UNUSED(Param pm), zlong x)
 {
 #ifdef HAVE_SETEUID
 if (seteuid((uid_t)x))
- zwarn("failed to change effective user ID: %e", errno);
+ zerr("failed to change effective user ID: %e", errno);
 #endif
 }
@@ -4119,7 +4119,7 @@ gidsetfn(UNUSED(Param pm), zlong x)
 {
 #ifdef HAVE_SETUID
 if (setgid((gid_t)x))
- zwarn("failed to change group ID: %e", errno);
+ zerr("failed to change group ID: %e", errno);
 #endif
 }
@@ -4140,7 +4140,7 @@ egidsetfn(UNUSED(Param pm), zlong x)
 {
 #ifdef HAVE_SETEUID
 if (setegid((gid_t)x))
- zwarn("failed to change effective group ID: %e", errno);
+ zerr("failed to change effective group ID: %e", errno);
 #endif
 }
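Review bot: The `(uid_t)x` and `(gid_t)x` casts in all four setters (uidsetfn, euidsetfn, gidsetfn, egidsetfn) still narrow the `zlong` argument without a range check, so this change makes a failing call fatal but does nothing about an assignment whose value wraps on conversion. Where zlong is wider than uid_t/gid_t, which is the usual case, an out-of-range value is truncated before the call, and the call can then succeed for an ID other than the one written, with no error raised and the command running under that ID. A guard ahead of each call, for example `if (x < 0 || (zlong)(uid_t)x != x) { zerr("failed to change user ID: %e", EINVAL); return; }`, would put such values on the same aborting error path. The function bodies are fully visible in the hunks, but whether the parameter code that calls these setters already range-checks x is not.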
diff --git a/Test/B02typeset.ztst b/Test/B02typeset.ztst
index 6d85a63fe..9c56c7e5e 100644
--- a/Test/B02typeset.ztst
+++ b/Test/B02typeset.ztst
@@ -711,3 +711,13 @@
 typeset isreadonly=still
 1:typeset returns status 1 if setting readonly variable
 ?(eval):2: read-only variable: isreadonly
+
+ if (( UID )); then
+ UID=$((UID+1)) date; echo "Status is printed, $?"
+ else
+ ZTST_skip="cannot test setuid error when tests run as superuser"
+ fi
+0:when cannot change UID, the command isn't run
+# 'date' did not run.
+>Status is printed, 1
+?(eval):2: failed to change user ID: operation not permitted
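Review bot: The new case exercises only `UID`, while the commit changes the error path of four setters, so EUID, GID and EGID are left without a regression test. Parallel cases would mirror this one, e.g. `EUID=$((EUID+1)) date; echo "Status is printed, $?"` expecting `?(eval):2: failed to change effective user ID: operation not permitted`. The skip guard `(( UID ))` looks at the real ID only, whereas setuid() is authorised by the effective ID (or an equivalent capability), so `if (( UID && EUID )); then` would be a closer check for "not privileged". The expected stderr line also depends on the platform's message text for EPERM, which may make the case fragile on systems that word it differently.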