Package: bash
Version: 4.2+dfsg-0.1+deb7u3
Tags: security, patch
Severity: important
Hi
While fixing CVE-2016-7543 for wheezy I found that the upstream correction
was incomplete. It do in fact solve the problem described in the CVE but a
very closely related problem is not solved.
The problem described in the CVE is that it is possible to privilege
escalate to root.
However the patch only fix that specific problem, not escalation change to
any other user.
The attached patch solve that problem too.
Best regards
// Ola
--
--- Inguza Technology AB --- MSc in Information Technology ----
/ o...@inguza.com Folkebogatan 26 \
| o...@debian.org 654 68 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
--- a/bash/variables.c.orig 2016-10-23 20:50:41.850176398 +0000
+++ a/bash/variables.c 2016-10-23 20:51:39.185346623 +0000
@@ -467,10 +467,7 @@
set_if_not ("PS2", secondary_prompt);
}
- if (current_user.euid == 0)
- bind_variable ("PS4", "+ ", 0);
- else
- set_if_not ("PS4", "+ ");
+ bind_variable ("PS4", "+ ", 0);
/* Don't allow IFS to be imported from the environment. */
temp_var = bind_variable ("IFS", " \t\n", 0);
