authorNatanael Copa <ncopa@alpinelinux.org>2014-06-05 08:55:05 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-06-17 09:57:19 +0000
commit883b411c85593d30f2296a157a733aa799c32828 (patch)
tree4d441d21f38290d072076497aef89593d24445da /main/bash
parent3b7f2f95802751798732e72c83ef2425c44ddeb2 (diff)
downloadaports-883b411c85593d30f2296a157a733aa799c32828.tar.bz2
aports-883b411c85593d30f2296a157a733aa799c32828.tar.xz
main/bash: fix setuid bug
ref #2990 fixes #2992 (cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae) Conflicts: main/bash/APKBUILD
Diffstat (limited to 'main/bash')
-rw-r--r--main/bash/APKBUILD6
-rw-r--r--main/bash/bash_4.3-fix-setuid.patch31
2 files changed, 36 insertions, 1 deletions
diff --git a/main/bash/APKBUILD b/main/bash/APKBUILD
index 525c55941c..96b8910493 100644
--- a/main/bash/APKBUILD
+++ b/main/bash/APKBUILD
@@ -5,7 +5,7 @@ pkgver=4.2.045
_patchlevel=${pkgver##*.}
_myver=${pkgver%.*}
_patchbase=${_myver%.*}${_myver#*.}
-pkgrel=0
+pkgrel=1
pkgdesc="The GNU Bourne Again shell"
arch="all"
license='GPL'
@@ -15,6 +15,7 @@ depends=
subpackages="$pkgname-doc"
source="http://ftp.gnu.org/gnu/bash/bash-${_myver}.tar.gz
bash-noinfo.patch
+ bash_4.3-fix-setuid.patch
"
# generate url's to patches. note: no forks allowed!
_i=1
@@ -68,6 +69,7 @@ package() {
}
md5sums="3fb927c7c33022f1c327f14a81c0d4b0 bash-4.2.tar.gz
80fec5f3d60a63756a4999c877e31a8e bash-noinfo.patch
+c87b8d9e12d628eac829dc08f4607a20 bash_4.3-fix-setuid.patch
1100bc1dda2cdc06ac44d7e5d17864a3 bash42-001
30e7948079921d3261efcc6a40722135 bash42-002
9ea06decec43a198f3d7cf29acc602f8 bash42-003
@@ -115,6 +117,7 @@ b4b11d64b45ea9ec50dcc74c6c3861f6 bash42-044
1661bcc83c4715f54368877452ff2247 bash42-045"
sha256sums="a27a1179ec9c0830c65c6aa5d7dab60f7ce1a2a608618570f96bfa72e95ab3d8 bash-4.2.tar.gz
363bc919d98cadbfca27660be0d1d4bb6cfe1c5f86a7830966e456df36e46792 bash-noinfo.patch
+3deb20a2ad093ad318a0aac7a2b69674ba325a59c9e5d2dc67f852d40a6cc177 bash_4.3-fix-setuid.patch
8d6ca028576c4af23e660a2fbc2112221a11c8a785c0b37f033967e5cd12b47a bash42-001
febac927e199aceeba2004908d971d4afb49b521796c3f42d1166f9fbbfbcef9 bash42-002
5a0a7c15018c87348ea87cb0beea14345faf878dbb0e25c17fa70677194cb4cd bash42-003
@@ -162,6 +165,7 @@ dc2683840f3e890a9c5f85338366ff6cd923285e558eb46aa818a03fa67c5c57 bash42-043
ddb7eff0f59d394a483b09feec3771d9026f81ba90afac32846a19b172b2986d bash42-045"
sha512sums="fdd3c230f4f7a687d36db1b8f7baab5e553cf55756e2d49a88ffaa4260c8cb949897dec9f48655e96608ef0093ac101b60c132060f06c711c0ab81aa3f148b5c bash-4.2.tar.gz
74d51550cc03410f22ffea13f6452350d1e5564bff619fb07a5bbef14ca565fbe03770a2c0041292732cda16e8944b33ccbd0dfe29a606a068fedabe277cd6ae bash-noinfo.patch
+b9e035f6a781dd4bb3c58f4de9922e7a3c68a0e38c1538f351c638469b70b031fe019e7f1d626e8db8239a13809f0c8dfa291caf930ed206345a80fa3cff3f80 bash_4.3-fix-setuid.patch
931f2f1d4e677925b5057558ea6f157073a9ba87bf4ed59e7d8fe20957c5fc40f3384a98fc4a2d5d7b458129ec096d9e28a860b6844ebf15f377778a6ef8aade bash42-001
b9ca62e397a05b368b74920d8d1b168367ffe840cf168e312b530c5b390cef3ca53e31db63c9fe15fe1a36e4c98369bf10573db40d20712fb1a016f10e0fc893 bash42-002
6cf944ab0f554ab53831cbe114f771671c7a9420778d2caa524c09a24ec8064e7a7ef1355e66ed3a53100b72736284a5b44e2c6bda03a8234a2f2d340ed47ce4 bash42-003
diff --git a/main/bash/bash_4.3-fix-setuid.patch b/main/bash/bash_4.3-fix-setuid.patch
new file mode 100644
index 0000000000..4f8a7a0999
--- /dev/null
+++ b/main/bash/bash_4.3-fix-setuid.patch
@@ -0,0 +1,31 @@
+diff --git shell.c shell.c
+index bbc8a66..5bfd466 100644
+--- shell.c
++++ shell.c
+@@ -1226,8 +1226,12 @@ uidget ()
+ void
+ disable_priv_mode ()
+ {
+- setuid (current_user.uid);
+- setgid (current_user.gid);
++
++ if( (setuid (current_user.uid) !=0) || (setgid (current_user.gid) != 0) ){
++ report_error("Drop privileges failed!!\n");
++ exit(EX_DROPFAIL);
++ }
++
+ current_user.euid = current_user.uid;
+ current_user.egid = current_user.gid;
+ }
+diff --git shell.h shell.h
+index 243e467..c3625be 100644
+--- shell.h
++++ shell.h
+@@ -72,6 +72,7 @@ extern int EOF_Reached;
+ #define EX_REDIRFAIL 259 /* redirection failed */
+ #define EX_BADASSIGN 260 /* variable assignment error */
+ #define EX_EXPFAIL 261 /* word expansion failed */
++#define EX_DROPFAIL 262 /* Drop privileges failed */
+
+ /* Flag values that control parameter pattern substitution. */
+ #define MATCH_ANY 0x000
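Review bot: The new check in `disable_priv_mode` still calls `setuid` before `setgid`, so on a setuid-root shell the user ID is already dropped when `setgid` runs; that call can then return 0 while changing only the effective group and leaving the saved set-group-ID in place, which the check would not notice. Dropping the group first keeps the return-value check meaningful: `if (setgid (current_user.gid) != 0 || setuid (current_user.uid) != 0)`. Separately, `exit(EX_DROPFAIL)` passes 262, and an exit status is truncated to its low 8 bits, so the parent would see 6; a code below 256 would be reported as intended. It is also worth confirming whether `report_error` already appends a newline, in which case the `\n` in the message is redundant.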