Source: bash
Version: 4.2+dfsg-0.1
Severity: wishlist
Tags: security

Hi,

After reading the following link, I'm wondering whether it isn't time to consider removing the privmode.diff patch in Debian.

http://blog.cmpxchg8b.com/2013/08/security-debianisms.html

This patch was added back in 1999 to fix^Wworkaround an issue with bsmtpd (#52586). At the time, privilege dropping in bash was brand new, but now, 14 years later, we could expect that other software is aware of this behaviour (hopefully) and that it can safely be removed.

Both bsmtpd and dip (listed at point 7 in the NOTES file as possibly impacted) have been gone from Debian since 2005.

Note that some manpages (i.e. system(3)) have a special note about this bash behaviour in Debian that should be removed too if you decide to drop the patch.

Cheers

Laurent Bigonville

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash