On Thursday 14 November 2013 00:50:33 Piotr Grzybowski wrote:
> I can think of an attack, just provide me with ip address of the host
> :) and a root account password and login :)
>
> I agree that most systems have other abilities to do the (almost)
> same, but yet, all systems (that is to say many more than have nc)
> have bash, and while roots on those will expect netcat to be able to
> open listen sockets they do not necessarily expect bash to do the
> same.
> My main point is: this patch means that every user that has access to
> who-knows-how restricted shell can open listen sockets, and unless
> someone thought of using grsecurity to deny access to bind(2) it is
> unrestricted.

as Joel said, the functionality he is adding does not impact the attack vector
at all. bash already has networking functionality built into it.

> This feature should at least be switchable, or otherwise restricted.

it already is via a configure flag: --disable-net-redirections
-mike