mirrors
/
zsh
mirror of git://git.code.sf.net/p/zsh/code
1
0
Fork 0
Code Releases Activity

39498: use PRIVILEGED option to decide on problematic parameter imports

This commit is contained in:
Peter Stephenson 2016-09-30 10:40:27 +01:00
parent 5cf2ffb327
commit d08674ef8c
3 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -1,3 +1,8 @@
2016-09-30 Peter Stephenson <p.stephenson@samsung.com>
* 39498: Src/parmas.c,Src/zsh.h: use PRIVILEGED option to
decide on problematic parameter imports.
2016-09-30 Mikael Magnusson <mikachu@gmail.com>
* 39452 + comment from 39432: Src/Zle/zle_main.c: Call the

6
Src/params.c
View File

@ -333,7 +333,7 @@ IPDEF6("TRY_BLOCK_ERROR", &try_errflag, varinteger_gsu),
IPDEF6("TRY_BLOCK_INTERRUPT", &try_interrupt, varinteger_gsu),
#define IPDEF7(A,B) {{NULL,A,PM_SCALAR|PM_SPECIAL},BR((void *)B),GSU(varscalar_gsu),0,0,NULL,NULL,NULL,0}
#define IPDEF7R(A,B) {{NULL,A,PM_SCALAR|PM_SPECIAL|PM_DONTIMPORT_ROOT},BR((void *)B),GSU(varscalar_gsu),0,0,NULL,NULL,NULL,0}
#define IPDEF7R(A,B) {{NULL,A,PM_SCALAR|PM_SPECIAL|PM_DONTIMPORT_SUID},BR((void *)B),GSU(varscalar_gsu),0,0,NULL,NULL,NULL,0}
#define IPDEF7U(A,B) {{NULL,A,PM_SCALAR|PM_SPECIAL|PM_UNSET},BR((void *)B),GSU(varscalar_gsu),0,0,NULL,NULL,NULL,0}
IPDEF7("OPTARG", &zoptarg),
IPDEF7("NULLCMD", &nullcmd),
@ -705,8 +705,8 @@ static int dontimport(int flags)
/* If value already exported */
if (flags & PM_EXPORTED)
return 1;
/* If security issue when exporting as root */
if ((flags & PM_DONTIMPORT_ROOT) && (!getuid() || !geteuid()))
/* If security issue when importing and running with some privilege */
if ((flags & PM_DONTIMPORT_SUID) && isset(PRIVILEGED))
return 1;
/* OK to import */
return 0;

2
Src/zsh.h
View File

@ -1802,7 +1802,7 @@ struct tieddata {
#define PM_ZSHSTORED (1<<18) /* function stored in zsh form */
/* Remaining flags do not correspond directly to command line arguments */
#define PM_DONTIMPORT_ROOT (1<<19) /* do not import if running as root */
#define PM_DONTIMPORT_SUID (1<<19) /* do not import if running setuid */
#define PM_SINGLE (1<<20) /* special can only have a single instance */
#define PM_LOCAL (1<<21) /* this parameter will be made local */
#define PM_SPECIAL (1<<22) /* special builtin parameter */