Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 23 Aug 2013 22:23:45 +0800
From: Roy <roytam@...il.com>
To: oss-security@...ts.openwall.com
Cc: dash@...r.kernel.org
Subject: Re: [PATCH] implement privmode support in dash

On Fri, 23 Aug 2013 19:40:31 +0800, "Jérémie Courrèges-Anglas"  
<jca+dash@...vbn.org> wrote:

>
> Also,
>
> Tavis Ormandy <taviso@...gle.com> writes:
>
> [...]
>
>>> Apart from that, it is better to check the return value from setuid()
>>> and similar functions. In particular, some versions of Linux may fail
>>> setuid() for [EAGAIN], leaving the process running with the same
>>> privileges.
>>
>> I don't think this is true anymore, but I have no strong objection to
>> adding it, so long as it's noted that bash and pdksh do not do this.
>
> Just for reference, from mksh:
>

[snip]

BTW it is just changed in cvs. Log message:

Commit ID:	10052176CB912FE954B
CVSROOT:	/cvs
Module name:	src
Changes by:	tg@...c.mirbsd.org	2013/08/23 14:07:41
UTC

Modified files:
	distrib/special/mksh: Makefile
	bin/mksh       : Build.sh Makefile check.t misc.c mksh.1 sh.h

Log message:
SECURITY: Unbreak “set +p”, broken by OpenBSD ksh change.

TODO: I am seriously considering following Chet and changing
the way this works, by explicitly dropping privs unless the
shell is run with -p. Every other shell does it like mksh,
except Heirloom sh, which on the other hand doesn’t know any
explicit set -p or set +p (though it doesn’t know set +foo
for any foo either).

┌──┤ QUESTION: Do we need the ability to do this:
│ tg@...u:~ $ ./suidmksh -p -c 'whoami; set +p; whoami'
│ root
│ tg

If not, I’m seriously considering to drop set ±p as well,
only parse -p on the command line, with +p being the default,
and dropping FPRIVILEGED.

Thanks to RT for noticing and jilles for initial follow-up
discussion, as well as Chet Ramey for doing the sane/secure
thing instead of following Debian.

To generate a diff of this changeset, execute the following commands:
cvs -R rdiff -kk -upr1.71 -r1.72 src/distrib/special/mksh/Makefile
cvs -R rdiff -kk -upr1.645 -r1.646 src/bin/mksh/Build.sh
cvs -R rdiff -kk -upr1.124 -r1.125 src/bin/mksh/Makefile
cvs -R rdiff -kk -upr1.630 -r1.631 src/bin/mksh/check.t
cvs -R rdiff -kk -upr1.214 -r1.215 src/bin/mksh/misc.c
cvs -R rdiff -kk -upr1.320 -r1.321 src/bin/mksh/mksh.1
cvs -R rdiff -kk -upr1.668 -r1.669 src/bin/mksh/sh.h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.