[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: usrmerge breaks POSIX

reopen 1063905
severity 1063905 wishlist
retitle 1063905 mksh: add /usr/bin/mksh{,-static} to /etc/shells
tags 1063905 + pending
found 1063905 59c-23
# well /usr/bin/mksh, /usr/bin/mksh-static is not, see below
notfound 1063905 59c-22
thanks

Russ Allbery dixit:

>After some research with git blame, it appears that pkexec checks SHELL
>against /etc/shells because pkexec passes SHELL to the program that it
>executes (possibly in a different security context) and was worried about
>users being able to manipulate and potentially compromise programs across
>that security boundary by setting SHELL to some attacker-controlled value.

Ah okay, that makes sense.

>It is using /etc/shells as a list of possible valid values for that
>variable that are safe to pass on.

That… is probably not a bad guess, yes…

Thank you for going into this kind of extra research.
So I guess I’ll explicitly add this on the next sid upload
and I guess also have to ask about a fix in stable-p-u as
bookworm also requires this filesystem layout. The package
in bullseye used add-shell which (on merged-usr) introduced…

/bin/mksh
/usr/bin/mksh
/bin/mksh-static
/usr/lib/klibc/bin/mksh-static

… hmm. These. The forth one is the bogus one which caused
piuparts failure and was what got me to add code to work
around this add-shell misbehaviour in the first place. Is
this (I’m handling this as a feature request for inter‐
operability with some unrelated software in the presence
of the UsrMove filesystem layout) relevant enough to also
get this changed (by cherry-picking the maintainer script
change) to o-p-u? (Any SRMs reading this, feel free to say,
otherwise I’ll just use the normal reportbug way.)

If so, I’m thinking of checking whether the /usr/bin/ paths
exist and resolve to the same files as the /bin/ paths, so
the /usr/bin/ ones wouldn’t get added to FHS/FSSTND systems.
This runs in postinst, so dpkg-reconfigure would suffice to
update it, but AIUI the usrmerge package also adds shells.

(Note that, unlike add-shell and the newer update-shells, my
maintainer script code handles the local admin commenting out
lines and will not reintroduce them. This would count these
paths as distinct though, but I guess that one migrates the
filesystem layout only once anyway.)

There is also /bin/rmksh but that is deliberately not added
to /etc/shells so far. I’ve no idea why bash and ksh93 differ.

bye,
//mirabilos
-- 
„Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund,
mksh auf jedem System zu installieren.“
	-- XTaran auf der OpenRheinRuhr, ganz begeistert
(EN: “[…]uhr.gz is a reason to install mksh on every system.”)
Reply to: