Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Bash Artifact: Reported Group Membership Incorrect
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 10587
Location: Somewhere over Atlanta, Georgia

PostPosted: Fri Jan 10, 2014 3:22 pm    Post subject: Bash Artifact: Reported Group Membership Incorrect Reply with quote

I have a strange situation with (at least) one of my Linux development machines:
Code:
IPSN-JOHNGRAH2 ~ $ set | egrep '(GROUPS|USER)='
GROUPS=()
USER=johngrah
For some reason, the definition of the GROUPS variable is not showing my actual group membership, which is inconsistent with the documented behavior of bash and the contents of the /etc/group file:
Code:
IPSN-JOHNGRAH2 ~ # grep johngrah /etc/group
wheel:x:10:root,johngrah
floppy:x:11:root,haldaemon,johngrah
uucp:x:14:uucp,johngrah
audio:x:18:johngrah
cdrom:x:19:haldaemon,johngrah
dialout:x:20:root,johngrah
video:x:27:root,johngrah
cdrw:x:80:haldaemon,johngrah
usb:x:85:haldaemon,johngrah
users:x:100:games,johngrah
portage:x:250:portage,johngrah
plugdev:x:1003:haldaemon,johngrah
games:x:35:johngrah
android:x:996:johngrah
johngrah:x:1000:johngrah
archival:x:1013:johngrah
wireshark:x:995:johngrah
The filesystem permissions appear to be applied correctly based on the actual group membership defined in /etc/group, so this appears to be a Bash artifact. Has anyone encountered this?

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
Back to top
View user's profile Send private message
platojones
Veteran
Veteran


Joined: 23 Oct 2002
Posts: 1602
Location: Just over the horizon

PostPosted: Fri Jan 10, 2014 4:07 pm    Post subject: Reply with quote

Isn't GROUPS an array of group IDS?

Code:
for i in ${GROUPS[@]}; do echo $i; done
Back to top
View user's profile Send private message
aCOSwt
Bodhisattva
Bodhisattva


Joined: 19 Oct 2007
Posts: 2537
Location: Hilbert space

PostPosted: Fri Jan 10, 2014 4:08 pm    Post subject: Reply with quote

I certainly did not understand your question.
Code:
acoswt@PrimaPratica ~ $ set | egrep GROUPS
GROUPS=([0]="10000" [1]="10" [2]="18" [3]="19" [4]="27" [5]="35" [6]="106" [7]="250" [8]="7" [9]="10003")
acoswt@PrimaPratica ~ $ echo $GROUPS
10000

Contrarily to USER, GROUPS is an array.
Only your[set | egrep '(GROUPS|USER)=] command is incorrect.

BTW, what does this have to do with kernel & hardware ?
I certainly misunderstood something.
_________________
Back to top
View user's profile Send private message
platojones
Veteran
Veteran


Joined: 23 Oct 2002
Posts: 1602
Location: Just over the horizon

PostPosted: Fri Jan 10, 2014 4:19 pm    Post subject: Reply with quote

There is something odd going on. The first time I tried the OPs original command, I got exactly the same result he did. After explicitly printing the GROUPS array with a loop, I tried the exact same command again and it worked as expected.
Back to top
View user's profile Send private message
aCOSwt
Bodhisattva
Bodhisattva


Joined: 19 Oct 2007
Posts: 2537
Location: Hilbert space

PostPosted: Fri Jan 10, 2014 4:39 pm    Post subject: Reply with quote

8O You are correct platojones. I confirm. :?

EDIT : Even set | grep GROUPS does not output anything before one echo $GROUPS is asked for.
_________________
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 10587
Location: Somewhere over Atlanta, Georgia

PostPosted: Fri Jan 10, 2014 4:50 pm    Post subject: Reply with quote

aCOSwt wrote:
Only your[set | egrep '(GROUPS|USER)=] command is incorrect.
That turns out not to be the case. With your output, my regex works:
Code:
IPSN-JOHNGRAH2 ~ # echo 'GROUPS=([0]="10000" [1]="10" [2]="18" [3]="19" [4]="27" [5]="35" [6]="106" [7]="250" [8]="7" [9]="10003")' | egrep '(GROUPS|USER)='
GROUPS=([0]="10000" [1]="10" [2]="18" [3]="19" [4]="27" [5]="35" [6]="106" [7]="250" [8]="7" [9]="10003")
see?
aCOSwt wrote:
BTW, what does this have to do with kernel & hardware ?
I originally though the actual group membership was messed up. Nevertheless, this doesn't seem to fit anywhere very well. Would you prefer P&P?

Edit: Ah! Very strange. I can duplicate your results as well:
Code:
IPSN-JOHNGRAH2 ~ $ bash
IPSN-JOHNGRAH2 ~ $ set | grep GROUPS
GROUPS=()
IPSN-JOHNGRAH2 ~ $ echo $GROUPS
1000
IPSN-JOHNGRAH2 ~ $ set | grep GROUPS
GROUPS=([0]="1000" [1]="11" [2]="14" [3]="18" [4]="19" [5]="20" [6]="27" [7]="35" [8]="80" [9]="85" [10]="100" [11]="250" [12]="995" [13]="996" [14]="10" [15]="1003" [16]="1013")
IPSN-JOHNGRAH2 ~ $
- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 10587
Location: Somewhere over Atlanta, Georgia

PostPosted: Fri Jan 10, 2014 7:00 pm    Post subject: Reply with quote

I'll be filing an upstream bug.

(Quietly moved to "Other Things Gentoo".)

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.


Last edited by John R. Graham on Fri Jan 10, 2014 9:31 pm; edited 1 time in total
Back to top
View user's profile Send private message
nix213
n00b
n00b


Joined: 08 Feb 2013
Posts: 23
Location: Illinois

PostPosted: Fri Jan 10, 2014 8:25 pm    Post subject: Reply with quote

In the meantime you could always just put this in your bashrc:

Code:
for i in ${GROUPS[@]}; do echo $i; done > /dev/null

_________________
"Wherever you go, go with all your heart." -Confucius
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 10587
Location: Somewhere over Atlanta, Georgia

PostPosted: Fri Jan 10, 2014 9:46 pm    Post subject: Reply with quote

The Bash source code is giving me a headache. Meanwhile, I can report that at least one other automagically initialized array variable suffers from this same issue: DIRSTACK.

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
Back to top
View user's profile Send private message
platojones
Veteran
Veteran


Joined: 23 Oct 2002
Posts: 1602
Location: Just over the horizon

PostPosted: Fri Jan 10, 2014 10:00 pm    Post subject: Reply with quote

Checking the CHANGES file in the bash-4.2 source code, I grep'ed the following change statement:

Quote:
u. Bash only initializes FUNCNAME, GROUPS, and DIRSTACK as special variables
if they're not in the initial environment.


Seems like that would be it. Looks like they did it on purpose for some reason.
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 10587
Location: Somewhere over Atlanta, Georgia

PostPosted: Fri Jan 10, 2014 10:09 pm    Post subject: Reply with quote

That actually doesn't appear to be it to me. They're clearly special variables as, once you reference them through parameter expansion, they exist. The changelog entry you found notes new protection from something like this:
Code:
IPSN-JOHNGRAH2 ~ $ bash
IPSN-JOHNGRAH2 ~ $ unset GROUPS
IPSN-JOHNGRAH2 ~ $ export GROUPS="Fred"
IPSN-JOHNGRAH2 ~ $ bash
IPSN-JOHNGRAH2 ~ $ echo $GROUPS
Fred
IPSN-JOHNGRAH2 ~ $ exit
exit
IPSN-JOHNGRAH2 ~ $ exit
That new rule protects the already established GROUPS environment variable from being clobbered by the special definition.

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
Back to top
View user's profile Send private message
platojones
Veteran
Veteran


Joined: 23 Oct 2002
Posts: 1602
Location: Just over the horizon

PostPosted: Fri Jan 10, 2014 10:25 pm    Post subject: Reply with quote

Thanks. I see what they are saying now.

It seems interesting that 2 of the variables you found that have the odd behavior are the ones specified by that rule.

UPDATE: OK, probably it's all special array variables. The BASH_CMDS variable does the same thing as well.
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 10587
Location: Somewhere over Atlanta, Georgia

PostPosted: Sat Jan 11, 2014 10:56 pm    Post subject: Reply with quote

I've created a provisional fix. Discussing the following patch with the bug-bash mailing list:
bash-4.2-set-builtin-fix.patch:
diff -ubB old/variables.c new/variables.c
--- old/variables.c   2014-01-11 17:29:31.880925869 -0500
+++ new/variables.c   2014-01-11 17:29:40.327592462 -0500
@@ -940,7 +940,10 @@
 
   for (i = 0; list && (var = list[i]); i++)
     if (invisible_p (var) == 0)
+      {
+        var = find_variable(var->name);
         print_assignment (var);
+      }
 }
 
 /* Print LIST (a list of shell functions) to stdout in such a way that
- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 10587
Location: Somewhere over Atlanta, Georgia

PostPosted: Tue Jan 14, 2014 2:50 pm    Post subject: Reply with quote

Chet Ramsey, the primary Bash maintainer, has rejected the patch because it causes each of the dynamic variables' generate functions to be called each time that "set" is run. He thinks the current behavior is acceptable. Admittedly, it's a corner case.

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
Back to top
View user's profile Send private message
nix213
n00b
n00b


Joined: 08 Feb 2013
Posts: 23
Location: Illinois

PostPosted: Thu Jan 23, 2014 1:35 am    Post subject: Reply with quote

I think a better way to fix this would be to change something in the "get_groupset" function (line#1495 in variables.c), but I've played with it and can't seem to get it working.

there's an interesting comment right there which you may find relevant as well:
Quote:

/* We don't want to initialize the group set with a call to getgroups()
unless we're asked to, but we only want to do it once. */

_________________
"Wherever you go, go with all your heart." -Confucius
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 10587
Location: Somewhere over Atlanta, Georgia

PostPosted: Thu Jan 23, 2014 3:19 am    Post subject: Reply with quote

Just for your own edification (as I've accepted the maintainer's position), no change to get_groupset() will correct this issue because the current code in print_var_list() will never call it. That's what my patch is about: ensuring that all of the generator functions for the dynamic variables are called.

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum