View previous topic :: View next topic |
Author |
Message |
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10591 Location: Somewhere over Atlanta, Georgia
|
Posted: Fri Jan 10, 2014 3:22 pm Post subject: Bash Artifact: Reported Group Membership Incorrect |
|
|
I have a strange situation with (at least) one of my Linux development machines: Code: | IPSN-JOHNGRAH2 ~ $ set | egrep '(GROUPS|USER)='
GROUPS=()
USER=johngrah | For some reason, the definition of the GROUPS variable is not showing my actual group membership, which is inconsistent with the documented behavior of bash and the contents of the /etc/group file: Code: | IPSN-JOHNGRAH2 ~ # grep johngrah /etc/group
wheel:x:10:root,johngrah
floppy:x:11:root,haldaemon,johngrah
uucp:x:14:uucp,johngrah
audio:x:18:johngrah
cdrom:x:19:haldaemon,johngrah
dialout:x:20:root,johngrah
video:x:27:root,johngrah
cdrw:x:80:haldaemon,johngrah
usb:x:85:haldaemon,johngrah
users:x:100:games,johngrah
portage:x:250:portage,johngrah
plugdev:x:1003:haldaemon,johngrah
games:x:35:johngrah
android:x:996:johngrah
johngrah:x:1000:johngrah
archival:x:1013:johngrah
wireshark:x:995:johngrah | The filesystem permissions appear to be applied correctly based on the actual group membership defined in /etc/group, so this appears to be a Bash artifact. Has anyone encountered this?
- John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
platojones Veteran
Joined: 23 Oct 2002 Posts: 1602 Location: Just over the horizon
|
Posted: Fri Jan 10, 2014 4:07 pm Post subject: |
|
|
Isn't GROUPS an array of group IDS?
Code: | for i in ${GROUPS[@]}; do echo $i; done
|
|
|
Back to top |
|
|
aCOSwt Bodhisattva
Joined: 19 Oct 2007 Posts: 2537 Location: Hilbert space
|
Posted: Fri Jan 10, 2014 4:08 pm Post subject: |
|
|
I certainly did not understand your question.
Code: | acoswt@PrimaPratica ~ $ set | egrep GROUPS
GROUPS=([0]="10000" [1]="10" [2]="18" [3]="19" [4]="27" [5]="35" [6]="106" [7]="250" [8]="7" [9]="10003")
acoswt@PrimaPratica ~ $ echo $GROUPS
10000
|
Contrarily to USER, GROUPS is an array.
Only your[set | egrep '(GROUPS|USER)=] command is incorrect.
BTW, what does this have to do with kernel & hardware ?
I certainly misunderstood something. _________________
|
|
Back to top |
|
|
platojones Veteran
Joined: 23 Oct 2002 Posts: 1602 Location: Just over the horizon
|
Posted: Fri Jan 10, 2014 4:19 pm Post subject: |
|
|
There is something odd going on. The first time I tried the OPs original command, I got exactly the same result he did. After explicitly printing the GROUPS array with a loop, I tried the exact same command again and it worked as expected. |
|
Back to top |
|
|
aCOSwt Bodhisattva
Joined: 19 Oct 2007 Posts: 2537 Location: Hilbert space
|
Posted: Fri Jan 10, 2014 4:39 pm Post subject: |
|
|
You are correct platojones. I confirm.
EDIT : Even set | grep GROUPS does not output anything before one echo $GROUPS is asked for. _________________
|
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10591 Location: Somewhere over Atlanta, Georgia
|
Posted: Fri Jan 10, 2014 4:50 pm Post subject: |
|
|
aCOSwt wrote: | Only your[set | egrep '(GROUPS|USER)=] command is incorrect. | That turns out not to be the case. With your output, my regex works: Code: | IPSN-JOHNGRAH2 ~ # echo 'GROUPS=([0]="10000" [1]="10" [2]="18" [3]="19" [4]="27" [5]="35" [6]="106" [7]="250" [8]="7" [9]="10003")' | egrep '(GROUPS|USER)='
GROUPS=([0]="10000" [1]="10" [2]="18" [3]="19" [4]="27" [5]="35" [6]="106" [7]="250" [8]="7" [9]="10003") | see? aCOSwt wrote: | BTW, what does this have to do with kernel & hardware ? | I originally though the actual group membership was messed up. Nevertheless, this doesn't seem to fit anywhere very well. Would you prefer P&P?
Edit: Ah! Very strange. I can duplicate your results as well: Code: | IPSN-JOHNGRAH2 ~ $ bash
IPSN-JOHNGRAH2 ~ $ set | grep GROUPS
GROUPS=()
IPSN-JOHNGRAH2 ~ $ echo $GROUPS
1000
IPSN-JOHNGRAH2 ~ $ set | grep GROUPS
GROUPS=([0]="1000" [1]="11" [2]="14" [3]="18" [4]="19" [5]="20" [6]="27" [7]="35" [8]="80" [9]="85" [10]="100" [11]="250" [12]="995" [13]="996" [14]="10" [15]="1003" [16]="1013")
IPSN-JOHNGRAH2 ~ $ | - John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10591 Location: Somewhere over Atlanta, Georgia
|
Posted: Fri Jan 10, 2014 7:00 pm Post subject: |
|
|
I'll be filing an upstream bug.
(Quietly moved to "Other Things Gentoo".)
- John _________________ I can confirm that I have received between 0 and 499 National Security Letters.
Last edited by John R. Graham on Fri Jan 10, 2014 9:31 pm; edited 1 time in total |
|
Back to top |
|
|
nix213 n00b
Joined: 08 Feb 2013 Posts: 23 Location: Illinois
|
Posted: Fri Jan 10, 2014 8:25 pm Post subject: |
|
|
In the meantime you could always just put this in your bashrc:
Code: | for i in ${GROUPS[@]}; do echo $i; done > /dev/null |
_________________ "Wherever you go, go with all your heart." -Confucius |
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10591 Location: Somewhere over Atlanta, Georgia
|
Posted: Fri Jan 10, 2014 9:46 pm Post subject: |
|
|
The Bash source code is giving me a headache. Meanwhile, I can report that at least one other automagically initialized array variable suffers from this same issue: DIRSTACK.
- John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
platojones Veteran
Joined: 23 Oct 2002 Posts: 1602 Location: Just over the horizon
|
Posted: Fri Jan 10, 2014 10:00 pm Post subject: |
|
|
Checking the CHANGES file in the bash-4.2 source code, I grep'ed the following change statement:
Quote: | u. Bash only initializes FUNCNAME, GROUPS, and DIRSTACK as special variables
if they're not in the initial environment. |
Seems like that would be it. Looks like they did it on purpose for some reason. |
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10591 Location: Somewhere over Atlanta, Georgia
|
Posted: Fri Jan 10, 2014 10:09 pm Post subject: |
|
|
That actually doesn't appear to be it to me. They're clearly special variables as, once you reference them through parameter expansion, they exist. The changelog entry you found notes new protection from something like this: Code: | IPSN-JOHNGRAH2 ~ $ bash
IPSN-JOHNGRAH2 ~ $ unset GROUPS
IPSN-JOHNGRAH2 ~ $ export GROUPS="Fred"
IPSN-JOHNGRAH2 ~ $ bash
IPSN-JOHNGRAH2 ~ $ echo $GROUPS
Fred
IPSN-JOHNGRAH2 ~ $ exit
exit
IPSN-JOHNGRAH2 ~ $ exit | That new rule protects the already established GROUPS environment variable from being clobbered by the special definition.
- John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
platojones Veteran
Joined: 23 Oct 2002 Posts: 1602 Location: Just over the horizon
|
Posted: Fri Jan 10, 2014 10:25 pm Post subject: |
|
|
Thanks. I see what they are saying now.
It seems interesting that 2 of the variables you found that have the odd behavior are the ones specified by that rule.
UPDATE: OK, probably it's all special array variables. The BASH_CMDS variable does the same thing as well. |
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10591 Location: Somewhere over Atlanta, Georgia
|
Posted: Sat Jan 11, 2014 10:56 pm Post subject: |
|
|
I've created a provisional fix. Discussing the following patch with the bug-bash mailing list: bash-4.2-set-builtin-fix.patch: | diff -ubB old/variables.c new/variables.c
--- old/variables.c 2014-01-11 17:29:31.880925869 -0500
+++ new/variables.c 2014-01-11 17:29:40.327592462 -0500
@@ -940,7 +940,10 @@
for (i = 0; list && (var = list[i]); i++)
if (invisible_p (var) == 0)
+ {
+ var = find_variable(var->name);
print_assignment (var);
+ }
}
/* Print LIST (a list of shell functions) to stdout in such a way that | - John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10591 Location: Somewhere over Atlanta, Georgia
|
Posted: Tue Jan 14, 2014 2:50 pm Post subject: |
|
|
Chet Ramsey, the primary Bash maintainer, has rejected the patch because it causes each of the dynamic variables' generate functions to be called each time that "set" is run. He thinks the current behavior is acceptable. Admittedly, it's a corner case.
- John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
nix213 n00b
Joined: 08 Feb 2013 Posts: 23 Location: Illinois
|
Posted: Thu Jan 23, 2014 1:35 am Post subject: |
|
|
I think a better way to fix this would be to change something in the "get_groupset" function (line#1495 in variables.c), but I've played with it and can't seem to get it working.
there's an interesting comment right there which you may find relevant as well:
Quote: |
/* We don't want to initialize the group set with a call to getgroups()
unless we're asked to, but we only want to do it once. */ |
_________________ "Wherever you go, go with all your heart." -Confucius |
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10591 Location: Somewhere over Atlanta, Georgia
|
Posted: Thu Jan 23, 2014 3:19 am Post subject: |
|
|
Just for your own edification (as I've accepted the maintainer's position), no change to get_groupset() will correct this issue because the current code in print_var_list() will never call it. That's what my patch is about: ensuring that all of the generator functions for the dynamic variables are called.
- John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
|