Honeypots mailing list archives

Alternative bash patch


From: paul <xml () mailandnews com>
Date: 17 Mar 2003 15:38:35 +0000

I tried one of the other bash patches and it worked fine for
interactive users, but didn't work for non-interactive users, such
as someone breaking into my wu-ftp with 7350wurm.

Included is an alternative patch that works either way. Patches
ok to bash-2.03 and bash-2.05b.

The patch logs to /dev/ttyS0, which is a pipe to my host system
in vmware, and is logged with userver, a simple server for unix
domain sockets.


Paul

diff -urN bash-2.05b/eval.c bash-2.05b-log/eval.c
--- bash-2.05b/eval.c   Tue Mar 12 14:53:36 2002
+++ bash-2.05b-log/eval.c       Mon Mar 17 15:22:27 2003
@@ -55,6 +55,24 @@
 static void send_pwd_to_eterm __P((void));
 static sighandler alrm_catcher __P((int));
 
+static void logit(WORD_LIST *wp)
+{
+  char logstr[50];
+  int fd;
+  int nc;
+
+  if (-1 != (fd = open("/dev/ttyS0", 1))) {
+    nc = sprintf(logstr, "PID=%d UID=%d", getpid(), getuid());
+    write(fd, logstr, nc);
+    for (;wp;wp=wp->next) {
+      write(fd, " ", 1);
+      write(fd, wp->word->word, strlen(wp->word->word));
+    }
+    write(fd, "\n", 1);
+    close(fd);
+  }
+}
+
 /* Read and execute commands until EOF is reached.  This assumes that
    the input source has already been initialized. */
 int
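Review bot: in logit(), open("/dev/ttyS0", 1) passes the bare value 1 where O_WRONLY (from <fcntl.h>) states the intent, and none of the write() return values are checked, so a short write or a closed serial line drops the record silently; an open() failure likewise means the command is never recorded anywhere, which is the one case a honeypot operator most wants to notice. The words are copied byte-for-byte to the collector, so a word containing a newline produces extra lines that are indistinguishable from separate entries; escaping control characters before write(), or length-prefixing each record, would keep the log parseable. The 50-byte logstr is large enough for "PID=%d UID=%d", but snprintf(logstr, sizeof logstr, ...) would make that bound explicit.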
@@ -266,5 +284,7 @@
       set_signal_handler (SIGALRM, old_alrm);
     }
 
+  if (global_command && global_command->type == cm_simple)
+         (void)logit(global_command->value.Simple->words);
   return (result);
 }
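Review bot: the guard `global_command->type == cm_simple` means only simple commands are recorded; pipelines, command lists, loops and other compound forms (cm_connection, cm_for, cm_while, ...) pass through unlogged, so a single pipeline would leave no trace on the collector. Consider calling logit() for every command type, or descending through compound commands to their simple members. Because this runs on the freshly parsed command rather than at execution, the words are logged before expansion (`$x` rather than its value), which shows intent but not the resolved arguments. Minor: the `(void)` cast on a function declared void is redundant, and the continuation line mixes a tab with spaces while the surrounding code uses two-space indents.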



