Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

[BUG] Issue with set built-in in 5.8 (?)

X-seq: zsh-workers 45443
From: dana <dana@xxxxxxx>
To: Zsh hackers list <zsh-workers@xxxxxxx>
Subject: [BUG] Issue with set built-in in 5.8 (?)
Date: Sun, 16 Feb 2020 20:19:07 -0600
Cc: Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
List-unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm

I think there is arguably a regression in the way the set built-in works in
5.8, or at least a change in behaviour that we might consider further. The
implications hadn't occurred to me until just now, sorry :/

Unlike setopt, when set gets an error back from dosetopt(), it aborts the
shell. Before 5.8, the only errors you were likely to see in the real world
were usage-related ones (e.g., `set -b` or `set -o fakeoption`). It *was*
possible to get an error if setuid() or setgid() failed, but this should be
very rare.

Now, due to the extra error checks we do, it's much more likely that
dosetopt() can return non-zero when unsetting PRIVILEGED: the functions might
not be available, the user might not have permission to do initgroups(), the
sanity checks at the end might find that we're able to restore privileges, &c.

Most of these errors are useful, but i'm not sure they should unconditionally
abort the shell.

Possibilities:

1. We could reconsider which errors should be reported and/or make dosetopt()
   return non-zero. The main one i have doubts about is the initgroups()
   permission one. It is expected that unprivileged users can't update their
   supplementary groups, so warning the user about this condition, let alone
   treating it as an error, may be excessive

2. We could do something like have dosetopt() return <0 for halting errors and
   >0 for ones non-halting, and have bin_set() handle accordingly

3. I'm over-thinking it

@Daniel, we talked about the first one before, but this particular concern
didn't come up at the time — what do you reckon?

dana


% sudo perl -e '$< = 1; $> = 2; exec("zsh", "-fc", "id; unsetopt privileged; echo still here");'
uid=1(daemon) gid=1(daemon) euid=2 egid=0(wheel) groups=...
zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed due to lack of permissions: EUID=2
zsh:unsetopt:1: can't change option: privileged
still here

% sudo perl -e '$< = 1; $> = 2; exec("zsh", "-fc", "id; set +p; echo still here");'
uid=1(daemon) gid=1(daemon) euid=2 egid=0(wheel) groups=...
zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed due to lack of permissions: EUID=2
zsh:set:1: can't change option: -p

Follow-Ups:
- Re: [BUG] Issue with set built-in in 5.8 (?)
  - From: Daniel Shahaf

Messages sorted by: Reverse Date, Date, Thread, Author