BugTraq
Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jun 04 2014 09:13AM
Jose Carlos Luna Duran (jose carlos luna gmail com) (2 replies)
Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jun 05 2014 08:03AM
lists notatla org uk
Jose Carlos Luna Duran writes:

> In my opinion the drop of privs in bash was mostly a "help" measure
> for poorly written setuid programs executing system() calls. I don't
> think is the role of bash to do this ...

True, but it is a slight help and I'm in favour of keeping it.

> Correct me if I'm wrong, but even in that case there is another "help"
> measure that has been implemented at least in linux kernels > 3.1:
> http://lxr.free-electrons.com/source/kernel/sys.c?v=3.1#L628

For permanent dropping of privilege I suggest calling setgid() and
setuid() to the desired values *twice* (and ignore the return code).
Then try to reset to the original values (should fail; ignore return code).

Then test that the real and effective values are the same and are the
ones you want - that's the result that indicates success in this case.
And exit() if failed.

That's the simple usage guide - David Wagner has written at length on
the technicalities.

[ reply ]
Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jun 04 2014 11:39PM
Hector Marco (hecmargi upv es) (1 replies)
Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jun 06 2014 02:51AM
Jeffrey Walton (noloader gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus