From mellon@happy.checkpoint.com  Wed Apr 26 15:40:52 2000
Return-Path: <mellon@happy.checkpoint.com>
Received: from happy.checkpoint.com (happy.checkpoint.com [199.203.156.41])
	by hub.freebsd.org (Postfix) with ESMTP id 1DF1837BA73
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 26 Apr 2000 15:40:50 -0700 (PDT)
	(envelope-from mellon@happy.checkpoint.com)
Received: (from mellon@localhost)
	by happy.checkpoint.com (8.9.3/8.9.3) id BAA95539;
	Thu, 27 Apr 2000 01:40:57 GMT
	(envelope-from mellon)
Message-Id: <200004270140.BAA95539@happy.checkpoint.com>
Date: Thu, 27 Apr 2000 01:40:57 GMT
From: mellon@pobox.com
Sender: mellon@happy.checkpoint.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: a mistake in sh.1
X-Send-Pr-Version: 3.2

>Number:         18243
>Category:       docs
>Synopsis:       wrong description of -p option in sh(1) manpage
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    alex
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 26 15:50:01 PDT 2000
>Closed-Date:    Fri Jun 8 05:10:37 PDT 2001
>Last-Modified:  Fri Jun 08 05:11:54 PDT 2001
>Originator:     Anatoly Vorobey
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:

	-CURRENT

>Description:

A simple mistake in the manpage of sh(1). The patch below
is self-explanatory. The relevant code handling the option is in
bin/sh/options.s

>How-To-Repeat:

>Fix:

--- sh.1.old	Thu Apr 27 01:33:32 2000
+++ sh.1	Thu Apr 27 01:37:44 2000
@@ -229,7 +229,7 @@
 .It Fl p Li privileged
 Turn on privileged mode.  This mode is enabled on startup
 if either the effective user or group id is not equal to the
-real user or group id.  Turning this mode off sets the
+real user or group id.  Turning this mode on sets the
 effective user and group ids to the real user and group ids.
 When this mode is enabled for interactive shells, the file
 .Pa /etc/suid_profile
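
Review bot: Changing "off" to "on" in the "Turning this mode ... sets the effective user and group ids to the real user and group ids" sentence makes the paragraph contradict itself. The sentence before it says the mode is enabled when an effective id differs from the real id, and the context line after it has /etc/suid_profile read "when this mode is enabled", so a mode whose enabling resets the effective ids would remove its own enabling condition. Confirm the direction against the option-handling code the description points to before flipping the word. If the original wording is what misleads readers, name the option form that performs the reset in that sentence instead of swapping off/on.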





>Release-Note:
>Audit-Trail:

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: mellon@pobox.com
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, martin@FreeBSD.org
Subject: Re: docs/18243: a mistake in sh.1 
Date: Thu, 27 Apr 2000 09:54:07 +0200

 On Thu, 27 Apr 2000 01:40:57 GMT, mellon@pobox.com wrote:
 
 >  .It Fl p Li privileged
 >  Turn on privileged mode.  This mode is enabled on startup
 >  if either the effective user or group id is not equal to the
 > -real user or group id.  Turning this mode off sets the
 > +real user or group id.  Turning this mode on sets the
 >  effective user and group ids to the real user and group ids.
 
 Weird, I don't get this at all.  My take on the code is that it should
 say something like:
 
 	Set the effective user and group ids
 	to the real user and group ids respectively
 	if this option is enabled on startup.
 
 The existing text doesn't make any sense to me.  Am I right with my
 description?
 
 Ciao,
 Sheldon.
 

From: Anatoly Vorobey <mellon@pobox.com>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, martin@FreeBSD.ORG
Subject: Re: docs/18243: a mistake in sh.1
Date: Thu, 27 Apr 2000 04:12:46 -0400

 You, Sheldon Hearn, were spotted writing this on Thu, Apr 27, 2000 at 09:54:07AM +0200:
 > 
 > On Thu, 27 Apr 2000 01:40:57 GMT, mellon@pobox.com wrote:
 > 
 > >  .It Fl p Li privileged
 > >  Turn on privileged mode.  This mode is enabled on startup
 > >  if either the effective user or group id is not equal to the
 > > -real user or group id.  Turning this mode off sets the
 > > +real user or group id.  Turning this mode on sets the
 > >  effective user and group ids to the real user and group ids.
 > 
 > Weird, I don't get this at all.  My take on the code is that it should
 > say something like:
 > 
 > 	Set the effective user and group ids
 > 	to the real user and group ids respectively
 > 	if this option is enabled on startup.
 > 
 > The existing text doesn't make any sense to me.  Am I right with my
 > description?
 
 Yes. The option exists to guard against suid shell scripts (I presume)
 by denying the shell any privileges it has from the suid bit. The
 existing text, however, intends to describe both the effect of the
 option and the general effect of the shell running suid. It calls
 the former "turning the option on" and the latter "enabling the option"
 referring to *different* things by these which is damn confusing. If the
 shell is running suid, a different profile file is sourced and $ENV
 is ignored -- both regardless of the -p option -- and the text tries to 
 explain this. 
 
 I think the description of different behavior under suid should be
 put elsewhere earlier in the manpage, and referred to as running in
 the privileged mode, while -p should be described as you did together
 with stating that it only works in privileged mode. There's no point
 in describing -p as "turning the privileged mode on" anyway because
 it would be typically used to take extra privileges away rather than
 enable them.
 
 If you can hack this, more power to you! I tried to rewrite this
 paragraph coherently, but gave up soon; thus the fix in my PR only
 fixed the most obvious error, while secretly hoping people'll notice
 the general stylistic conundrum. It worked ;)
 
 -- 
 Anatoly Vorobey,
 mellon@pobox.com http://pobox.com/~mellon/
 "Angels can fly because they take themselves lightly" - G.K.Chesterton
 
Responsible-Changed-From-To: freebsd-doc->alex 
Responsible-Changed-By: alex 
Responsible-Changed-When: Sat Jul 15 02:02:56 PDT 2000 
Responsible-Changed-Why:  
I think the current behaviour w/ -p is a bug of sh, not of the documentation. 
However, I have my hands in it now, and will take a look at it after 
I have comments about the possible bug. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18243 
State-Changed-From-To: open->closed 
State-Changed-By: alex 
State-Changed-When: Fri Jun 8 05:10:37 PDT 2001 
State-Changed-Why:  
sh behaves exactly as stated in the manpage. 
Remember that +p disables an option, i.e. "turning it off". 
This is also done in the source: 
"+" -> val == 0 -> only setuid(getuid()),  if !val && privileged. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=18243 
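
A small C model of the behaviour the closing note describes, added here as an illustration; it is not the FreeBSD sh source. The names `struct ids`, `privileged_at_startup`, `set_p_option` and `drop_to_real_ids` and the sample ids are assumptions made for the example, and the group id is reset as well as the user id, following the manpage wording.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

struct ids { uid_t ruid, euid; gid_t rgid, egid; };

/* Startup rule from the manpage text: privileged mode is on when an
 * effective id differs from the corresponding real id. */
int privileged_at_startup(struct ids c)
{
    return c.euid != c.ruid || c.egid != c.rgid;
}

/* Model of setting the p option: val is 1 for -p, 0 for +p.  Only
 * "+p while privileged" (!val && privileged) touches the ids. */
struct ids set_p_option(struct ids c, int *privileged, int val)
{
    if (!val && *privileged) {
        c.egid = c.rgid;
        c.euid = c.ruid;
    }
    *privileged = val;
    return c;
}

/* The same drop on a live process: group before user, every return
 * value checked, and the result verified afterwards. */
int drop_to_real_ids(void)
{
    if (setgid(getgid()) == -1 || setuid(getuid()) == -1)
        return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: a set-uid-root sh started by uid 1001. */
    struct ids c = { 1001, 0, 1001, 1001 };
    int priv = privileged_at_startup(c);

    c = set_p_option(c, &priv, 1);              /* -p: ids unchanged */
    printf("-p: euid=%d priv=%d\n", (int)c.euid, priv);
    c = set_p_option(c, &priv, 0);              /* +p: drop to real  */
    printf("+p: euid=%d priv=%d\n", (int)c.euid, priv);
    return drop_to_real_ids() == 0 ? 0 : 1;
}
```

The group id is dropped before the user id because a process that has already given up its privileged user id may no longer be permitted to change its group id.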
>Unformatted:
