Add the -p (privileged) commandline switch
found in bash, zsh, and friends. Reviewed by: joerg
parent
d71ba03df8
commit
621a31c6ff
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=19240
@ -33,7 +33,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: main.c,v 1.7 1996/09/12 02:23:33 bde Exp $
|
||||
* $Id: main.c,v 1.8 1996/09/12 12:41:46 adam Exp $
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
@ -162,11 +162,14 @@ main(argc, argv)
|
||||
read_profile("/etc/profile");
|
||||
state1:
|
||||
state = 2;
|
||||
read_profile(".profile");
|
||||
if (privileged == 0)
|
||||
read_profile(".profile");
|
||||
else
|
||||
read_profile("/etc/suid_profile");
|
||||
}
|
||||
state2:
|
||||
state = 3;
|
||||
if (getuid() == geteuid() && getgid() == getegid()) {
|
||||
if (privileged == 0) {
|
||||
if ((shinit = lookupvar("ENV")) != NULL && *shinit != '\0') {
|
||||
state = 3;
|
||||
read_profile(shinit);
|
||||
|
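Review bot: The `if (privileged == 0)` test guarding the `ENV` lookup appears to replace the direct `getuid() == geteuid() && getgid() == getegid()` comparison, so whether a user-controlled startup file is sourced now depends only on an option value the user can switch off. If the privilege drop performed when the option is cleared ever fails, `read_profile(shinit)` would run with the elevated ids still in effect. Keeping both conditions, `if (privileged == 0 && getuid() == geteuid() && getgid() == getegid()) {`, costs nothing and ties the decision to the actual credentials; the same reasoning applies to the `.profile` branch under `state1`. `main()` starts and ends outside the hunk.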
@ -33,7 +33,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: options.c,v 1.6 1995/10/09 17:56:32 joerg Exp $
|
||||
* $Id: options.c,v 1.7 1996/09/01 10:21:16 peter Exp $
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
@ -92,6 +92,7 @@ procargs(argc, argv)
|
||||
argptr++;
|
||||
for (i = 0; i < NOPTS; i++)
|
||||
optlist[i].val = 2;
|
||||
privileged = (getuid() != geteuid() || getgid() != getegid());
|
||||
options(1);
|
||||
if (*argptr == NULL && minusc == NULL)
|
||||
sflag = 1;
|
||||
@ -184,6 +185,10 @@ options(cmdline)
|
||||
if (*argptr)
|
||||
argptr++;
|
||||
} else {
|
||||
if (c == 'p' && !val && privileged) {
|
||||
(void) setuid(getuid());
|
||||
(void) setgid(getgid());
|
||||
}
|
||||
setoption(c, val);
|
||||
}
|
||||
}
|
||||
@ -205,6 +210,10 @@ minus_o(name, val)
|
||||
} else {
|
||||
for (i = 0; i < NOPTS; i++)
|
||||
if (equal(name, optlist[i].name)) {
|
||||
if (!val && privileged && equal(name, "privileged")) {
|
||||
(void) setuid(getuid());
|
||||
(void) setgid(getgid());
|
||||
}
|
||||
setoption(optlist[i].letter, val);
|
||||
return;
|
||||
}
|
||||
|
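Review bot: Both privilege-drop sites discard the results of `setuid(getuid())` and `setgid(getgid())` with `(void)` and then fall through to `setoption()`, so if either call fails the `privileged` flag is still cleared while the effective ids stay elevated. The order is also a concern: giving up the user id first can leave the process without the privilege needed to fully reset the group id, so the group should be dropped first. Suggest `if (setgid(getgid()) == -1 || setuid(getuid()) == -1)` followed by an error exit that leaves the flag set, in both the `options()` section and the `minus_o()` section. Both functions continue outside the visible hunks.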
@ -34,7 +34,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)options.h 8.2 (Berkeley) 5/4/95
|
||||
* $Id: options.h,v 1.2 1994/09/24 02:58:05 davidg Exp $
|
||||
* $Id: options.h,v 1.3 1996/09/01 10:21:20 peter Exp $
|
||||
*/
|
||||
|
||||
struct shparam {
|
||||
@ -62,8 +62,9 @@ struct shparam {
|
||||
#define aflag optlist[12].val
|
||||
#define bflag optlist[13].val
|
||||
#define uflag optlist[14].val
|
||||
#define privileged optlist[15].val
|
||||
|
||||
#define NOPTS 15
|
||||
#define NOPTS 16
|
||||
|
||||
struct optent {
|
||||
const char *name;
|
||||
@ -88,6 +89,7 @@ struct optent optlist[NOPTS] = {
|
||||
{ "allexport", 'a', 0 },
|
||||
{ "notify", 'b', 0 },
|
||||
{ "nounset", 'u', 0 },
|
||||
{ "privileged", 'p', 0 },
|
||||
};
|
||||
#else
|
||||
extern struct optent optlist[NOPTS];
|
||||
|
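Review bot: `#define privileged optlist[15].val` is tied by position to the `{ "privileged", 'p', 0 }` row and to `NOPTS`, and nothing in the header says so; if a later option is inserted above that row, the macro would silently alias a different option and the set-id checks in the shell would read the wrong flag. A comment next to the macro block would help, for example `/* indexes must match the order of optlist[] below; privileged gates set-id startup behaviour */`. The name also departs from the `aflag`/`bflag`/`uflag` pattern, so `pflag` would read more consistently if no other identifier already uses it.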
13
bin/sh/sh.1
13
bin/sh/sh.1
@ -33,14 +33,14 @@
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" @(#)sh.1 8.6 (Berkeley) 5/4/95
|
||||
.\" $Id: sh.1,v 1.7 1996/09/01 10:21:39 peter Exp $
|
||||
.\" $Id: sh.1,v 1.8 1996/09/03 14:15:59 peter Exp $
|
||||
.\"
|
||||
.na
|
||||
.TH SH 1
|
||||
.SH NAME
|
||||
sh \- command interpreter (shell)
|
||||
.SH SYNOPSIS
|
||||
sh [-/+aCefnuvxIimsVEb] [-/+o longname] [arg ...]
|
||||
sh [-/+aCefnpuvxIimsVEb] [-/+o longname] [arg ...]
|
||||
.SH DESCRIPTION
|
||||
.LP
|
||||
Sh is the standard command interpreter for the system.
|
||||
@ -159,6 +159,15 @@ If not interactive, read commands but do not
|
||||
execute them. This is useful for checking the
|
||||
syntax of shell scripts.
|
||||
.TP
|
||||
-p privileged
|
||||
Turn on privileged mode. This mode is enabled on startup
|
||||
if either the effective user or group id is not equal to the
|
||||
real user or group id. Turning this mode off sets the
|
||||
effective user and group ids to the real user and group ids.
|
||||
Also on interactive shells and when enabled, this mode sources
|
||||
/etc/suid_profile (instead of ~/.profile) after /etc/profile
|
||||
and ignores the contents of the \fBENV\fP variable.
|
||||
.TP
|
||||
-u nounset
|
||||
Write a message to standard error when attempting
|
||||
to expand a variable that is not set, and if the
|
||||
|