Date: Thu, 05 Jun 2014 09:03:01 +0100 From: lists@...atla.org.uk To: oss-security@...ts.openwall.com, jose.carlos.luna@...il.com Cc: fulldisclosure@...lists.org, bugtraq@...urityfocus.com, bugs@...uritytracker.com Subject: Re: [FD] Bug in bash <= 4.3 [security feature bypassed] Jose Carlos Luna Duran writes: > In my opinion the drop of privs in bash was mostly a "help" measure > for poorly written setuid programs executing system() calls. I don't > think is the role of bash to do this ... True, but it is a slight help and I'm in favour of keeping it. > Correct me if I'm wrong, but even in that case there is another "help" > measure that has been implemented at least in linux kernels > 3.1: > http://lxr.free-electrons.com/source/kernel/sys.c?v=3.1#L628 For permanent dropping of privilege I suggest calling setgid() and setuid() to the desired values *twice* (and ignore the return code). Then try to reset to the original values (should fail; ignore return code). Then test that the real and effective values are the same and are the ones you want - that's the result that indicates success in this case. And exit() if failed. That's the simple usage guide - David Wagner has written at length on the technicalities.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.