remove suid_exec program and SHOPT_SUID_EXEC

Removed due to obsolescence, security concerns and lack of interest. No distro ships suid_exec and everyone is using sudo, etc. instead. Resolves: #607
ksh93 · Mar 17, 2023 · 09811da · 09811da
1 parent 237b6df
commit 09811da
Show file tree

Hide file tree

Showing 8 changed files with 6 additions and 628 deletions.
diff --git a/src/cmd/ksh93/DESIGN b/src/cmd/ksh93/DESIGN
@@ -146,17 +146,15 @@ sh directory:
 	25.	subshell.c contains the code to save and restore
 		environments so that subshells can run without creating
 		a new process.
-	26.	suid_exec.c contains the program from running execute
-		only and/or setuid/setgid scripts.
-	27.	tdump.c contains the code to dump a parse tree into
+	26.	tdump.c contains the code to dump a parse tree into
 		a file.
-	28.	timers.c contains code for multiple event timeouts.
-	29.	trestore contains the code for restoring the parse
+	27.	timers.c contains code for multiple event timeouts.
+	28.	trestore contains the code for restoring the parse
 		tree from the file created by tdump.
-	30.	waitevent.c contains the sh_waitnotify function so
+	29.	waitevent.c contains the sh_waitnotify function so
 		that builtins can handle processing events when the
 		shell is waiting for input or for process completion.
-	31.	xec.c is the main shell execution loop.
+	30.	xec.c is the main shell execution loop.
 
 edit directory:
 	1.      completion.c contains code for command and file generation and

diff --git a/src/cmd/ksh93/Mamfile b/src/cmd/ksh93/Mamfile
@@ -1367,26 +1367,6 @@ make install
 		prev ${mam_libnetwork}
 		exec - ${CC} ${CCLDFLAGS} ${mam_cc_FLAGS} ${CCFLAGS} ${LDFLAGS} ${mam_cc_L+-L.} ${mam_cc_L+-L${INSTALLROOT}/lib} -o shcomp shcomp.o ${mam_libshell} ${mam_libnsl} ${mam_libast} -lm
 	done shcomp generated
-	make suid_exec
-		make suid_exec.o
-			make sh/suid_exec.c
-				prev include/version.h implicit
-				prev ${PACKAGE_ast_INCLUDE}/error.h implicit
-				prev ${PACKAGE_ast_INCLUDE}/sig.h implicit
-				prev ${PACKAGE_ast_INCLUDE}/ls.h implicit
-				prev FEATURE/externs implicit
-				prev ${PACKAGE_ast_INCLUDE}/ast.h implicit
-			done sh/suid_exec.c
-			prev sh/suid_exec.c
-			exec - ${CC} ${mam_cc_FLAGS} ${CCFLAGS} -I. -Iinclude -I${PACKAGE_ast_INCLUDE} -DERROR_CONTEXT_T=Error_context_t -D_API_ast=20100309 -D_PACKAGE_ast -c sh/suid_exec.c
-		done suid_exec.o generated
-		prev +ljobs
-		prev +li
-		prev ${mam_libsocket}
-		prev ${mam_libsecdb}
-		prev ${mam_libnetwork}
-		exec - ${CC} ${CCLDFLAGS} ${mam_cc_FLAGS} ${CCFLAGS} ${LDFLAGS} ${mam_cc_L+-L.} ${mam_cc_L+-L${INSTALLROOT}/lib} -o suid_exec suid_exec.o ${mam_libast} ${mam_libnsl} ${mam_libast} -lm
-	done suid_exec generated
 	make shell
 		prev libshell.a archive
 	done shell virtual
@@ -1473,10 +1453,6 @@ make install
 		exec - then ${STDCP} include/history.h ${PACKAGE_ast_INCLUDE}/history.h
 		exec - fi
 	done ${PACKAGE_ast_INCLUDE}/history.h generated
-	make ${INSTALLROOT}/bin/suid_exec
-		prev suid_exec
-		exec - ${STDCMP} 2>/dev/null -s suid_exec ${INSTALLROOT}/bin/suid_exec || { ${STDMV} ${INSTALLROOT}/bin/suid_exec ${INSTALLROOT}/bin/suid_exec.old 2>/dev/null || true; ${STDCP} suid_exec ${INSTALLROOT}/bin/suid_exec ;}
-	done ${INSTALLROOT}/bin/suid_exec generated
 	make ${INSTALLROOT}/bin/shcomp
 		prev shcomp
 		exec - ${STDCMP} 2>/dev/null -s shcomp ${INSTALLROOT}/bin/shcomp || { ${STDMV} ${INSTALLROOT}/bin/shcomp ${INSTALLROOT}/bin/shcomp.old 2>/dev/null || true; ${STDCP} shcomp ${INSTALLROOT}/bin/shcomp ;}

diff --git a/src/cmd/ksh93/README b/src/cmd/ksh93/README
@@ -144,8 +144,6 @@ The options have the following defaults and meanings:
 
     STATS        on  Add .sh.stats compound variable.
 
-    SUID_EXEC    on  Execute /etc/suid_exec for setuid, setgid script.
-
     SYSRC            Source /etc/ksh.kshrc on initializing an interactive
                      shell. This is on by default if /etc/ksh.kshrc or
                      /etc/bash.bashrc exists at compile time.
@@ -222,19 +220,6 @@ a script.  ksh93 is able to recognize files in this format and process
 them as scripts.  You can use shcomp to send out scripts when you
 don't want to give away the original script source.
 
-To be able to run setuid/setgid shell scripts, or scripts without read
-permission, the SUID_EXEC compile option must be on, and ksh must be installed
-in the /bin directory, the /usr/bin directory, the /usr/lbin directory,
-or the /usr/local/bin directory and the name must end in sh. The program
-suid_exec must be installed in the /etc directory, must be owned by root,
-and must be an SUID program.  If you must install ksh in some other directory
-and want to be able to run setuid/setgid and execute only scripts, then
-you will have to change the source code file sh/suid_exec.c explicitly.
-If you do not have ksh in one of these secure locations, /bin/sh will
-be invoked with the -p options and will fail when you execute a setuid/setgid
-and/or execute only script.  Note that ksh does not read the .profile
-or $ENV file when the real and effective user/group IDs are not equal.
-
 #### TESTING KSH ####
 
 The tests subdirectory contains a number of regression tests for ksh.

diff --git a/src/cmd/ksh93/SHOPT.sh b/src/cmd/ksh93/SHOPT.sh
@@ -36,7 +36,6 @@ SHOPT REMOTE=				# enable --rc if running as a remote shell
 SHOPT SCRIPTONLY=0			# build ksh for running scripts only; compile out the interactive shell
 SHOPT SPAWN=				# use spawnveg for fork/exec
 SHOPT STATS=1				# add .sh.stats variable
-SHOPT SUID_EXEC=1			# allow (safe) SUID/SGID shell scripts
 SHOPT SYSRC=				# attempt . /etc/ksh.kshrc if interactive
 SHOPT TEST_L=				# add 'test -l' as an alias for 'test -L'
 SHOPT TIMEOUT=				# number of seconds for shell timeout

diff --git a/src/cmd/ksh93/data/msg.c b/src/cmd/ksh93/data/msg.c
@@ -182,13 +182,6 @@ const char e_suidprofile[]	= "/etc/suid_profile";
 #if SHOPT_SYSRC
 const char e_sysrc[]		= "/etc/ksh.kshrc";
 #endif
-#ifdef BUILD_DTKSH
-   const char e_suidexec[]      = SUIDEXECPATH;
-#else
-#if SHOPT_SUID_EXEC
-   const char e_suidexec[]	= "/etc/suid_exec";
-#endif /* SHOPT_SUID_EXEC */
-#endif
 #if !SHOPT_SCRIPTONLY
 const char hist_fname[]		= "/.sh_history";
 #endif /* !SHOPT_SCRIPTONLY */

diff --git a/src/cmd/ksh93/include/path.h b/src/cmd/ksh93/include/path.h
@@ -108,9 +108,6 @@ extern const char e_mailmsg[];
 extern const char e_suidprofile[];
 extern const char e_sysprofile[];
 extern const char e_traceprompt[];
-#if SHOPT_SUID_EXEC
-    extern const char	e_suidexec[];
-#endif /* SHOPT_SUID_EXEC */
 extern const char is_alias[];
 extern const char is_builtin[];
 extern const char is_spcbuiltin[];

diff --git a/src/cmd/ksh93/sh/path.c b/src/cmd/ksh93/sh/path.c
@@ -2,7 +2,7 @@
 *                                                                      *
 *               This software is part of the ast package               *
 *          Copyright (c) 1982-2012 AT&T Intellectual Property          *
-*          Copyright (c) 2020-2022 Contributors to ksh 93u+m           *
+*          Copyright (c) 2020-2023 Contributors to ksh 93u+m           *
 *                      and is licensed under the                       *
 *                 Eclipse Public License, Version 2.0                  *
 *                                                                      *
@@ -1214,10 +1214,6 @@ pid_t path_spawn(const char *opath,register char **argv, char **envp, Pathcomp_t
 	    case EISDIR:
 		return -1;
 	    case ENOEXEC:
-#if SHOPT_SUID_EXEC
-	    case EPERM:
-		/* some systems return EPERM if setuid bit is on */
-#endif
 		errno = ENOEXEC;
 		if(spawn)
 		{
@@ -1253,10 +1249,8 @@ pid_t path_spawn(const char *opath,register char **argv, char **envp, Pathcomp_t
 	    /* FALLTHROUGH */
 	    case ENAMETOOLONG:
 #endif /* ENAMETOOLONG */
-#if !SHOPT_SUID_EXEC
 	    /* FALLTHROUGH */
 	    case EPERM:
-#endif
 		sh.path_err = errno;
 		return(-1);
 	    case ENOTDIR:
@@ -1316,64 +1310,11 @@ static noreturn void exscript(register char *path,register char *argv[],char **e
 		sh_close(sh.infd);
 	sh_setstate(sh_state(SH_FORKED));
 	sfsync(sfstderr);
-#if SHOPT_SUID_EXEC
-	/* check if file cannot open for read or script is setuid/setgid */
-	{
-		static char name[] = "/tmp/euidXXXXXXXXXX";
-		register int n;
-		register uid_t euserid;
-		char *savet=0;
-		struct stat statb;
-		if((n=sh_open(path,O_RDONLY,0)) >= 0)
-		{
-			/* move <n> if n=0,1,2 */
-			n = sh_iomovefd(n);
-			if(fstat(n,&statb)>=0 && !(statb.st_mode&(S_ISUID|S_ISGID)))
-				goto openok;
-			sh_close(n);
-		}
-		if((euserid=geteuid()) != sh.userid)
-		{
-			strncpy(name+9,fmtbase((intmax_t)sh.current_pid,10,0),sizeof(name)-10);
-			/* create an SUID open file with owner equal to effective UID */
-			if((n=open(name,O_CREAT|O_TRUNC|O_WRONLY,S_ISUID|S_IXUSR)) < 0)
-				goto fail;
-			unlink(name);
-			/* make sure that file has right owner */
-			if(fstat(n,&statb)<0 || statb.st_uid != euserid)
-				goto fail;
-			if(n!=10)
-			{
-				sh_close(10);
-				fcntl(n, F_DUPFD, 10);
-				sh_close(n);
-				n=10;
-			}
-		}
-		savet = *--argv;
-		*argv = path;
-		execve(e_suidexec,argv,envp);
-	fail:
-		/*
-		 *  The following code is just for compatibility
-		 */
-		if((n=open(path,O_RDONLY,0)) < 0)
-		{
-			errormsg(SH_DICT,ERROR_system(ERROR_NOEXEC),e_exec,path);
-			UNREACHABLE();
-		}
-		if(savet)
-			*argv++ = savet;
-	openok:
-		sh.infd = n;
-	}
-#else
 	if((sh.infd = sh_open(path,O_RDONLY,0)) < 0)
 	{
 		errormsg(SH_DICT,ERROR_system(ERROR_NOEXEC),e_exec,path);
 		UNREACHABLE();
 	}
-#endif
 	sh.infd = sh_iomovefd(sh.infd);
 #if SHOPT_ACCT
 	sh_accbegin(path) ;  /* reset accounting */