On Sat, Apr 4, 2015 at 8:22 AM, David Bonner <thed_2...@hotmail.com> wrote:
> Bash Bug Report > > Configuration Information [Automatically generated, do not change]: > Machine: x86_64 > OS: linux-gnu > Compiler: gcc > Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' > -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu' > -DCONF_VENDOR='p$ > uname output: Linux LFS-BUILD 3.16.0-23-generic #31-Ubuntu SMP Tue Oct 21 > 17:56:17 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux > Machine Type: x86_64-pc-linux-gnu > > Bash Version: 4.3 > Patch Level: 30 > Release Status: release > > Description: > The restricted shell opened by calling rbash or bash with the -r > or --restricted option can be easily circumvented with the > command 'chroot / bash' making the restricted shell useless > because anyone can get out of it with this command. > > Repeat-By: > 1:Open a restricted shell > 2:Test with 'cd ..' > 3:Use 'chroot / bash' > 4:Test that you are no longer restricted with 'chroot / bash' > > This has already been discussed in the mailing list, you should be able to find previous discussions about this and the fact that bash -r is not an all inclusive solution (eg https://lists.gnu.org/archive/html/bug-bash/2012-01/msg00048.html ) . However your example is not a very convincing one, you cannot use "cd" with a restricted shell, so it's not clear what you are really using and it is obvious that many commands will allow to not be restricted if they are made available.
