-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reported through rt.gnu.org:
> I'd like to report a security bug in rbash. the BASH_CMDS env > variable is writable from within rbash. so something like this > BASH_CMDS[poop]=/bin/bash;poop will escape the restricted rbash > shell. Regards, - -- Ruben Rodriguez | Senior Systems Administrator, Free Software Foundation GPG Key: 05EF 1D2F FE61 747D 1FC8 27C3 7FAC 7D26 472F 4409 https://fsf.org | https://gnu.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJYwaXvAAoJEH+sfSZHL0QJTKUQAISM7t/hTfp4HOApE2xFF+At /cWCYSEZq3ZhNnh8BlSLrNx0AjYYN98nJ3c1xJKMcI87veZ0kT4QRxZEoXF7TLgM ck/zkXF97uZKwTolj9Opa2OXJTIj8hlWHYTrlkZZjLAywlYMuMHtWf85gs6KJ15x RguGJylbWYvIreg4ikzCDpaGdjM+K8xnnO/OvD9dxAzC3G2YSlVOy6JuOoWH3KWV Bw8tHYR+X98koOgu1kugiUk4ngqjOcnO8G02JjXbEsA831mdUbetEMf63mekrSCP AZDwvt8jA1TTzkY1LT0MpdbVScFeuFd4vINdfjH6V2fHN1i9UYLA8pOWX6gXLu4T vBZKStRJk+HyXJnqSG5b7BxguQo8JCVHsGfgab4hKkIiE3mZzBX+pRLPLG/krJaW LPmGhIuJa/ujMFgA9nbAPjcOlH0x5NIea/jCpCLr3DwIPmRSsbIZvPkxhPiFqtyF cGCtOdOhBkHNNfoF9tO/1ak4j6IBVVwr/4EPkBlRn1OnHMBNvOshFJj5zDrdr9VX HKK8iOCpccpRqpwI6zdaLNxgvOthGEorGsXQwlQbLicsmPDZIpIseyH/T9C6eL50 BZghPtCXpD2tGZ1RxqWUt1IwA84tKSaKr+RQAy1Yoio0IxOXd7U0ljb4yIh+hhHt YJQciA6MygBLFCsoe7u4 =IjX0 -----END PGP SIGNATURE-----
