Apparently there's some strange patch applied against the Debian
version of bash, which allows suid scripts to be executed
(isn't that a security issue?).
It also seems to invalidate that documented behaviour from the manpage:
If the shell is started with the effective user (group) id not equal to
the real user (group) id, and the -p option is not supplied, no startup >files are read, shell functions are not inherited from the environment,
the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE variables, if they >appear in the environment, are ignored, and the effective user id is
set to the real user id. If the -p option is supplied at invocation,
the startup behavior is the same, but the effective user id is not >reset.
So could you please either correct the behaviour or accordingly remove
that documentation and add it to a secution of deviations between
upstream and Debian?
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 300 |
Nodes: | 16 (2 / 14) |
Uptime: | 04:20:20 |
Calls: | 6,706 |
Calls today: | 6 |
Files: | 12,236 |
Messages: | 5,350,356 |