make setuid/setgid scripts and access() work again

by reverting some OpenBSD and applying some Debian diff

exec.c

@@ -1,11 +1,11 @@
-/**	$MirOS: src/bin/mksh/exec.c,v 1.3 2005/05/25 11:31:15 tg Exp $ */
+/**	$MirOS: src/bin/mksh/exec.c,v 1.4 2005/05/25 13:45:59 tg Exp $ */
 /*	$OpenBSD: exec.c,v 1.41 2005/03/30 17:16:37 deraadt Exp $	*/
 
 #include "sh.h"
 #include <sys/stat.h>
 #include <ctype.h>
 
-__RCSID("$MirOS: src/bin/mksh/exec.c,v 1.3 2005/05/25 11:31:15 tg Exp $");
+__RCSID("$MirOS: src/bin/mksh/exec.c,v 1.4 2005/05/25 13:45:59 tg Exp $");
 
 static int	comexec(struct op *, struct tbl *volatile, char **,
 		    int volatile);
@@ -856,7 +856,7 @@ findcom(const char *name, int flags)
 		tp = tbi;
 	if (!tp && (flags & FC_PATH) && !(flags & FC_DEFPATH)) {
 		tp = tsearch(&taliases, name, h);
-		if (tp && (tp->flag & ISSET) && access(tp->val.s, X_OK) != 0) {
+		if (tp && (tp->flag & ISSET) && eaccess(tp->val.s, X_OK) != 0) {
 			if (tp->flag & ALLOC) {
 				tp->flag &= ~ALLOC;
 				afree(tp->val.s, APERM);
@@ -930,7 +930,7 @@ search_access(const char *lpath, int mode,
 
 	if (stat(lpath, &statb) < 0)
 		return -1;
-	ret = access(lpath, mode);
+	ret = eaccess(lpath, mode);
 	if (ret < 0)
 		err = errno; /* File exists, but we can't access it */
 	else if (mode == X_OK && (!S_ISREG(statb.st_mode) ||

funcs.c

@@ -1,4 +1,4 @@
-/**	$MirOS: src/bin/mksh/funcs.c,v 1.7 2005/05/25 09:39:49 tg Exp $ */
+/**	$MirOS: src/bin/mksh/funcs.c,v 1.8 2005/05/25 13:46:00 tg Exp $ */
 /*	$OpenBSD: c_ksh.c,v 1.27 2005/03/30 17:16:37 deraadt Exp $	*/
 /*	$OpenBSD: c_sh.c,v 1.29 2005/03/30 17:16:37 deraadt Exp $	*/
 /*	$OpenBSD: c_test.c,v 1.17 2005/03/30 17:16:37 deraadt Exp $	*/
@@ -13,7 +13,7 @@
 #include <ulimit.h>
 #endif
 
-__RCSID("$MirOS: src/bin/mksh/funcs.c,v 1.7 2005/05/25 09:39:49 tg Exp $");
+__RCSID("$MirOS: src/bin/mksh/funcs.c,v 1.8 2005/05/25 13:46:00 tg Exp $");
 
 int
 c_cd(char **wp)
@@ -184,7 +184,7 @@ c_pwd(char **wp)
 	}
 	p = current_wd[0] ? (physical ? get_phys_path(current_wd) : current_wd) :
 	    NULL;
-	if (p && access(p, R_OK) < 0)
+	if (p && eaccess(p, R_OK) < 0)
 		p = NULL;
 	if (!p) {
 		p = ksh_get_wd(NULL, 0);
@@ -2627,7 +2627,7 @@ test_eaccess(const char *pathl, int mode)
 	}
 #endif /* !HAVE_DEV_FD */
 
-	res = access(pathl, mode);
+	res = eaccess(pathl, mode);
 	/*
 	 * On most (all?) unixes, access() says everything is executable for
 	 * root - avoid this on files by using stat().

main.c

@@ -1,4 +1,4 @@
-/**	$MirOS: src/bin/mksh/main.c,v 1.5 2005/05/25 11:37:23 tg Exp $ */
+/**	$MirOS: src/bin/mksh/main.c,v 1.6 2005/05/25 13:46:01 tg Exp $ */
 /*	$OpenBSD: main.c,v 1.38 2005/03/30 17:16:37 deraadt Exp $	*/
 /*	$OpenBSD: tty.c,v 1.8 2005/03/30 17:16:37 deraadt Exp $	*/
 /*	$OpenBSD: io.c,v 1.21 2005/03/30 17:16:37 deraadt Exp $	*/
@@ -10,7 +10,7 @@
 #include <ctype.h>
 #include <pwd.h>
 
-__RCSID("$MirOS: src/bin/mksh/main.c,v 1.5 2005/05/25 11:37:23 tg Exp $");
+__RCSID("$MirOS: src/bin/mksh/main.c,v 1.6 2005/05/25 13:46:01 tg Exp $");
 
 extern char **environ;
 
@@ -217,6 +217,10 @@ main(int argc, char *argv[])
 	}
 
 	ksheuid = geteuid();
+	kshuid = getuid();
+	kshegid = getegid();
+	kshgid = getgid();
+
 	safe_prompt = ksheuid ? "$ " : "# ";
 	{
 		struct tbl *vp = global("PS1");
@@ -231,7 +235,7 @@ main(int argc, char *argv[])
 	}
 
 	/* Set this before parsing arguments */
-	Flag(FPRIVILEGED) = getuid() != ksheuid || getgid() != getegid();
+	Flag(FPRIVILEGED) = kshuid != ksheuid || kshgid != kshegid;
 
 	/* this to note if monitor is set on command line (see below) */
 	Flag(FMONITOR) = 127;

misc.c

@@ -1,4 +1,4 @@
-/**	$MirOS: src/bin/mksh/misc.c,v 1.3 2005/05/23 15:54:31 tg Exp $ */
+/**	$MirOS: src/bin/mksh/misc.c,v 1.4 2005/05/25 13:46:01 tg Exp $ */
 /*	$OpenBSD: misc.c,v 1.28 2005/03/30 17:16:37 deraadt Exp $	*/
 /*	$OpenBSD: path.c,v 1.12 2005/03/30 17:16:37 deraadt Exp $	*/
 
@@ -7,7 +7,7 @@
 #include <sys/param.h>	/* for MAXPATHLEN */
 #include <sys/stat.h>
 
-__RCSID("$MirOS: src/bin/mksh/misc.c,v 1.3 2005/05/23 15:54:31 tg Exp $");
+__RCSID("$MirOS: src/bin/mksh/misc.c,v 1.4 2005/05/25 13:46:01 tg Exp $");
 
 short chtypes[UCHAR_MAX+1];	/* type bits for unsigned char */
 
@@ -264,10 +264,10 @@ change_flag(enum sh_flag f,
 		}
 	} else if (f == FPRIVILEGED && oldval && !newval) {
 		/* Turning off -p? */
-		seteuid(ksheuid = getuid());
+		seteuid(ksheuid = kshuid = getuid());
 		setuid(ksheuid);
-		setegid(getgid());
+		setegid(kshegid = kshgid = getgid());
-		setgid(getgid());
+		setgid(kshegid);
 	} else if (f == FPOSIX && newval) {
 		Flag(FBRACEEXPAND) = 0;
 	}

sh.h

@@ -1,4 +1,4 @@
-/**	$MirOS: src/bin/mksh/sh.h,v 1.6 2005/05/23 16:23:19 tg Exp $ */
+/**	$MirOS: src/bin/mksh/sh.h,v 1.7 2005/05/25 13:46:01 tg Exp $ */
 /*	$OpenBSD: sh.h,v 1.27 2005/03/28 21:33:04 deraadt Exp $	*/
 /*	$OpenBSD: shf.h,v 1.5 2005/03/30 17:16:37 deraadt Exp $	*/
 /*	$OpenBSD: table.h,v 1.6 2004/12/18 20:55:52 millert Exp $	*/
@@ -112,6 +112,9 @@ EXTERN	char *	kshname;	/* $0 */
 EXTERN	pid_t	kshpid;		/* $$, shell pid */
 EXTERN	pid_t	procpid;	/* pid of executing process */
 EXTERN	uid_t	ksheuid;	/* effective uid of shell */
+EXTERN	uid_t	kshuid;		/* real uid of shell */
+EXTERN	gid_t	kshegid;	/* effective gid of shell */
+EXTERN	gid_t	kshgid;		/* real gid of shell */
 EXTERN	int	exstat;		/* exit status */
 EXTERN	int	subst_exstat;	/* exit status of last $(..)/`..` */
 EXTERN	const char *safe_prompt; /* safe prompt if PS1 substitution fails */
@@ -1239,6 +1242,7 @@ void	change_random(void);
 int	array_ref_len(const char *);
 char *	arrayname(const char *);
 void    set_array(const char *, int, char **);
+int	eaccess(const char *, int);
 
 enum Test_op {
 	TO_NONOP = 0,	/* non-operator */

var.c

@@ -1,4 +1,4 @@
-/**	$MirOS: src/bin/mksh/var.c,v 1.3 2005/05/23 15:36:56 tg Exp $ */
+/**	$MirOS: src/bin/mksh/var.c,v 1.4 2005/05/25 13:46:02 tg Exp $ */
 /*	$OpenBSD: var.c,v 1.26 2005/03/30 17:16:37 deraadt Exp $	*/
 
 #include "sh.h"
@@ -6,7 +6,7 @@
 #include <ctype.h>
 #include <time.h>
 
-__RCSID("$MirOS: src/bin/mksh/var.c,v 1.3 2005/05/23 15:36:56 tg Exp $");
+__RCSID("$MirOS: src/bin/mksh/var.c,v 1.4 2005/05/25 13:46:02 tg Exp $");
 
 /*
  * Variables
@@ -981,7 +981,7 @@ setspec(struct tbl *vp)
 			struct stat statb;
 
 			s = str_val(vp);
-			if (s[0] == '/' && access(s, W_OK|X_OK) == 0 &&
+			if (s[0] == '/' && eaccess(s, W_OK|X_OK) == 0 &&
 			    stat(s, &statb) == 0 && S_ISDIR(statb.st_mode))
 				tmpdir = str_save(s, APERM);
 		}
@@ -1179,3 +1179,26 @@ set_array(const char *var, int reset, char **vals)
 		setstr(vq, vals[i], KSH_RETURN_ERROR);
 	}
 }
+
+int
+eaccess(const char *pathname, int mode)
+{
+	bool need_uid, need_gid;
+	int rv, _errno;
+
+	if ((need_gid = (kshgid != kshegid)))
+		setregid(kshegid, kshgid);
+	if ((need_uid = (kshuid != ksheuid)))
+		setreuid(ksheuid, kshuid);
+
+	rv = access(pathname, mode);
+	_errno = errno;
+
+	if (need_gid)
+		setregid(kshgid, kshegid);
+	if (need_uid)
+		setreuid(kshuid, ksheuid);
+
+	errno = _errno;
+	return (rv);
+}