I was looking at this bit:
if (
#ifndef linux
getuid() == geteuid() && getgid() == getegid() &&
#endif
iflag
) {
if ((shinit = lookupvar("ENV")) != NULL && *shinit != '\0') {
read_profile(shinit);
}
}
thinking "condition order is wrong, if !iflag, calling getuid()
is pointless, we waste 4 syscalls" but then I noticed
"#ifndef linux". So, the inefficiency is not biting me, a linux user...
...but wait. (1) this check says "if we are setuid and run by non-root,
do not source $ENV". Who in their right mind would have a *setuid*
shell executable on any system where security matters?
IOW: this code is pointless anyway even for non-linux users.
And
(2) If there is some sort of standard language somewhere which says
this logic has to exist, then why we don't do this on linux?
git history shows it was there in initial import.
I propose to delete entire #ifndef/#endif block. It's likely wrong.
Alternatively, move "iflag" above "getuid() == geteuid()" checks.
$ENV handling depends on defined(linux), why??
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: $ENV handling depends on defined(linux), why??
- From: Denys Vlasenko <vda.linux@xxxxxxxxxxxxxx>
- Date: Wed, 13 Oct 2021 11:39:18 +0200
- Follow-Ups:
- Re: $ENV handling depends on defined(linux), why??
- From: Harald van Dijk
- Re: $ENV handling depends on defined(linux), why??
- Prev by Date: Re: [PATCH] Fix chkmail loop break condition
- Next by Date: Re: $ENV handling depends on defined(linux), why??
- Previous by thread: [PATCH] Fix chkmail loop break condition
- Next by thread: Re: $ENV handling depends on defined(linux), why??
- Index(es):
 |