16356 – 01msec.sh causes "-bash: TMOUT: readonly variable" error message

Bug 16356 - 01msec.sh causes "-bash: TMOUT: readonly variable" error message

Summary: 01msec.sh causes "-bash: TMOUT: readonly variable" error message

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia tools maintainers
QA Contact:

URL:
Whiteboard:	MGA5TOO,MGA6TOO
Keywords:

Duplicates (1):	22317 (view as bug list)
Depends on:
Blocks:

Reported:	2015-07-12 14:36 CEST by Bit Twister
Modified:	2018-09-02 22:56 CEST (History)
CC List:	12 users (show)

See Also:	22317
Source RPM:	msec-2.5-1.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Bit Twister 2015-07-12 14:36:19 CEST

Description of problem:

/etc/profile.d/01msec.sh causes "-bash: TMOUT: readonly variable" error message

Version-Release number of selected component (if applicable):


How reproducible: always


Steps to Reproduce:

You need steps 1 - 4  workaround to bypass bug 14778

1. click up a terminal
2. su - root
3. ln -s /etc/security/shell /etc/sysconfig/shell
4. exit
5. su - $USER

Result should be
$ su - $USER
Password: 
-bash: TMOUT: readonly variable



#**************** note **************

grep 500 /etc/profile.d/*


Should those be changed to UID_MIN value as seen in
grep UID_MIN /etc/login.defs



Reproducible: 

Steps to Reproduce:

Bit Twister 2016-07-06 20:20:17 CEST

Summary: 01msec.sh causes "-bash: TMOUT: readonly variable" error message => 6_s1: 01msec.sh causes "-bash: TMOUT: readonly variable" error message
Source RPM: msec-1.11-2.mga5.src.rpm => msec-2.1-1.mga6.src.rpm

Comment 1 Samuel Verschelde 2016-11-01 13:44:19 CET

Assigning to Mageia Tools maintainer group. 

To the bug reporter: is this issue still present in cauldron?

Assignee: bugsquad => mageiatools

Comment 2 Bit Twister 2016-11-01 14:36:01 CET

Yes I believe so.

 /etc/profile.d/10tmpdir.sh
is checking /etc/sysconfig/shell instead of /etc/security/shell where SECURE_TMP=yes set via mcc->Security->Configure system security, permissions and audit->Security settings->System security

Running step 3 is a workaround until /etc/profile.d/10tmpdir.sh is fixed.

My install change script disabled the problem but something put it back.
$ cat /etc/security/shell 
ALLOW_CURDIR_IN_PATH=no
UMASK_ROOT=022
SECURE_TMP=yes
#TMOUT=0
UMASK_USER=022
TMOUT=0

Which causes triggers the TMOUT message.
[bittwister@wb ~]$ su - $USER
Password: 
-bash: TMOUT: readonly variable

Samuel Verschelde 2016-11-01 15:54:11 CET

Version: 5 => Cauldron
Whiteboard: (none) => MGA5TOO

Comment 3 Bit Twister 2017-01-23 20:18:37 CET

working in 6 sta2

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 4 Bit Twister 2017-01-27 12:24:26 CET

Sorry, I forgot one of install scripts patched the problem. Something reset my settings and shows the problem still exists.

$ diff -bBw /var/local/data/sys_audit/shell /etc/security/shell
3c3
< SECURE_TMP=no
---
> SECURE_TMP=yes
5a6
> TMOUT=0

Status comment: (none) => 6_s2
Status: RESOLVED => REOPENED
Resolution: FIXED => (none)
Summary: 6_s1: 01msec.sh causes "-bash: TMOUT: readonly variable" error message => 01msec.sh causes "-bash: TMOUT: readonly variable" error message
Source RPM: msec-2.1-1.mga6.src.rpm => msec-2.2-1.mga6.src.rpm

Bit Twister 2017-01-31 18:33:25 CET

Keywords: (none) => 6sta2
Status comment: 6_s2 => (none)

papoteur 2018-01-02 10:31:15 CET

CC: (none) => yves.brungard_mageia
Source RPM: msec-2.2-1.mga6.src.rpm => initscripts

Comment 5 Bit Twister 2018-01-02 12:08:08 CET

Unless you can show me otherwise I believe the Source RPM: field should contain the rpm containing the file in question.

Source RPM: initscripts => msec-2.5-1.mga7.src.rpm
Whiteboard: MGA5TOO => MGA5TOO,MGA6TOO

Comment 6 papoteur 2018-01-03 08:03:00 CET

(In reply to Bit Twister from comment #5)
> Unless you can show me otherwise I believe the Source RPM: field should
> contain the rpm containing the file in question.

Yes, this is why I changed it:
urpmf 10tmpdir.sh
initscripts:/etc/profile.d/10tmpdir.sh

You said:
> Running step 3 is a workaround until /etc/profile.d/10tmpdir.sh is fixed.

Comment 7 Bit Twister 2018-01-03 10:57:25 CET

But the typeset code causing the message is in /etc/profile.d/01msec.sh  :)

 grep TMOUT /etc/profile.d/01msec.sh
[ -n "$TMOUT" ] && type typeset > /dev/null 2>&1 && typeset -r TMOUT

Marja Van Waes 2018-01-05 11:38:41 CET

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=22317

Comment 8 Frank Griffin 2018-01-05 13:41:38 CET

*** Bug 22317 has been marked as a duplicate of this bug. ***

CC: (none) => ftg

Nikita Krupenko 2018-01-07 00:16:05 CET

CC: (none) => krnekit

Comment 9 Robert Fox 2018-01-20 15:58:05 CET

Issue still exists as of latest Cauldron

CC: (none) => rfox

Neal Gompa 2018-01-25 17:48:41 CET

CC: (none) => ngompa13

Comment 10 Jani Välimaa 2018-01-25 19:56:39 CET

The problem is that 01msec.sh sources /etc/security/shell and sets TMOUT to readonly. Then 10tmpdir.sh sources /etc/security/shell again, but as TMOUT is already readonly bash outputs an error.

One option is to rename 01msec.sh such way that it's called after 10tmpdir.sh, but I guess there's a reason for its name. To run it at the very beginning.

CC: (none) => jani.valimaa

Comment 11 Charles Edwards 2018-02-04 23:07:21 CET

If it is bothersome and you want it to disappear simply comment out its entry in /etc/profile.d/01msec.sh


(bottom portion from 01msec.sh example)

export SECURE_LEVEL
#prevent TMOUT
#[ -n "$TMOUT" ] && type typeset > /dev/null 2>&1 && typeset -r TMOUT

# msec.sh ends here

CC: (none) => cae

Dick Gevers 2018-02-05 10:12:18 CET

CC: (none) => dvgevers

Comment 12 Shlomi Fish 2018-03-06 17:41:58 CET

Adding myself to the CC because this bug bothers me too.

CC: (none) => shlomif

Comment 13 papoteur 2018-03-08 14:34:36 CET

(In reply to Charles Edwards from comment #11)
> If it is bothersome and you want it to disappear simply comment out its
> entry in /etc/profile.d/01msec.sh
> 
> 
> (bottom portion from 01msec.sh example)
> 
> export SECURE_LEVEL
> #prevent TMOUT
> #[ -n "$TMOUT" ] && type typeset > /dev/null 2>&1 && typeset -r TMOUT
> 
> # msec.sh ends here

I plan to release msec.
Should I include this modifications, thus deleting these lines?
Or renaming 01msec.sh in 01tmsec.sh to execute it after 01tmpdir.sh?

Comment 14 Charles Edwards 2018-03-09 08:38:38 CET

If its inclusion serves a useful purpose I would say change it to run after
01tmpdir.sh.

Personally, I see no purpose and on this system I commented out the entries.

Comment 15 Olivier Blin 2018-03-29 09:32:28 CEST

Can't we just factorize /etc/security/shell sourcing in an earlier profile.d script?

CC: (none) => mageia

Curtis Hildebrand 2018-05-22 07:42:45 CEST

CC: (none) => curtis_mageia

Comment 16 Frank Griffin 2018-06-24 05:53:09 CEST

Ping ?

Comment 17 Raphael Gertz 2018-09-02 22:56:10 CEST

I fixed resourcing of /etc/security/shell in profile.d script by associating it sourcing with a SECSHELL variable.

The problem should be considered fixed when initscripts-9.78-6.mga7 and msec-2.6-4.mga7 reach cauldron mirrors.

I fixed /etc/profile.d/{01msec.sh,10tmpdir.sh} for this resourcing if other scripts are affected feel free to use this new block in it :

if [ -z "$SECSHELL" -a -r /etc/security/shell ]; then
    . /etc/security/shell
    export SECSHELL=1
fi

Best regards

Status: REOPENED => RESOLVED
CC: (none) => mageia
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.