Bugtraq mailing list archives

Re: Bug in bash <= 4.3 [security feature bypassed]

From: Daryl Tester <dt-bugtraq () handcraftedcomputers com au>
Date: Thu, 05 Jun 2014 19:32:36 +0930

On 03/06/14 23:46, Hector Marco wrote:

Recently we discovered a bug in bash. After some time after reporting
it to bash developers, it has not been fixed.

...

Any comments about this issue are welcomed.

Details at:
http://hmarco.org/bugs/bash_4.3-setuid-bug.html


I'm only going by the patch presented above, so ...

1.  The program should be calling setgid() before setuid() (which is
another common class of security mistake).

2.  Why is exit() returning values greater than 255?  It's not capable
of doing that under (most) Unix environments.

--
Regards,
 Daryl Tester
 Handcrafted Computers Pty. Ltd.

Current thread:

Bug in bash <= 4.3 [security feature bypassed] Hector Marco (Jun 04)
- Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jose Carlos Luna Duran (Jun 04)
  - Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Hector Marco (Jun 05)
    - Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jeffrey Walton (Jun 06)
  - Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] lists (Jun 05)
- Re: Bug in bash <= 4.3 [security feature bypassed] Daryl Tester (Jun 05)
  - Re: Bug in bash <= 4.3 [security feature bypassed] Hector Marco (Jun 06)