Does any distro ship the suid_exec program?

[krader1961]

At this time we don't build the suid_exec program (src/cmd/ksh93/sh/suid_exec.c). It is built by the legacy build system. That program is not on any of the distros I use or have setup for testing changes to this project. Including, macOS, OpenSuse, FreeBSD, and Ubuntu. Should we add it to the Meson config or remove that source module?

[fpmurphy]

@krader1961. Just because it is not on an distribution you use, does not mean that people are not using it. In the AT&T days, many people used download the binaries (or the sources) for their distribution directly from AT&T rather than use a package built by the distribution package maintainers.

[krader1961]

@fpmurphy, I fail to see the relevance of your comment with respect to my question. No doubt there are people using the commands in src/cmd/builtin, such as cat, grep, who, etc. Yet I'll bet there isn't a single distro other than possibly SVR4 or a distro based on it (like DYNIX/ptx) that is shipping those commands rather than the GNU or BSD versions. And those distros can continue to ship those commands from the 2016-01-10-beta or 2012-08-01-master branch (or more likely, their fork of the project). As can individuals like yourself.

On the other hand there might be a non SVR4 distro that includes the suid_exec program. There is at least one, OpenSuse, that includes the pty command. Which is why I recently added build rules for the pty command. You apparently missed the memo announcing that the focus has been narrowed from the entire AST project to just the ksh binary and closely related code. In the hope that we can generate some enthusiasm for actively maintaining ksh to keep it relevant.

[floppym]

Before the meson conversion, Gentoo Linux only installed the ksh binary. After the meson conversion, we are simply installing whatever the default install target provides.

[kernigh]

In OpenBSD 6.2, the package ksh93-20120801p1.tgz installs only ksh93, rksh93, a few static libraries (libast, libcmd, libshell), and some manuals and examples. It doesn't install suid_exec. The purpose of suid_exec is to run an execute-only, setuid, or setgid script. OpenBSD doesn't need suid_exec, because the kernel can do the same thing if the script has a #! line.

$ cat <<'EOF' >try
> #!/bin/sh
> echo running "$0"  
> EOF
$ chmod 100 try
$ sh try
sh: try: Permission denied
$ ./try
running /dev/fd/3

This try is an execute-only script, so sh try can't open it for reading, but the kernel does open it and runs /bin/sh /dev/fd/3.

I believe that suid_exec can't run suid/sgid scripts in OpenBSD. The problem is that suid_exec passes /dev/fd/10 to an issetugid shell, but in OpenBSD, an issetugid program may not open any fd(4) device. The kernel can run suid/sgid #! scripts because it allows the interpreter to open the /dev/fd/* containing the script; this allowance isn't documented.

suid_exec might still work with systems other than OpenBSD.

[siteshwar]

As noted by @krader1961, @floppym and @kernigh, none of the newer operating systems ship this binary. I don't think there is any reason to continue to build it. I am closing this issue. If any one has objection to this decision, please provide us a compelling reason.