Control: tags -1 moreinfo
On Mon, 23 Mar 2015 22:12:18 +0100 Christoph Anton Mitterer
<cales...@scientia.net> wrote:
> Apparently there's some strange patch applied against the Debian
> version of bash, which allows suid scripts to be executed
> (isn't that a security issue?).
Hi,
Why would that be a security issue? Executing suid scripts is just as
dangerous as executing suid binaries.
> It also seems to invalidate that documented behaviour from the manpage:
> >If the shell is started with the effective user (group) id not equal to
> >the real user (group) id, and the -p option is not supplied, no startup
> >files are read, shell functions are not inherited from the environment,
> >the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE variables, if they
> >appear in the environment, are ignored, and the effective user id is
> >set to the real user id. If the -p option is supplied at invocation,
> >the startup behavior is the same, but the effective user id is not
> >reset.
> So could you please either correct the behaviour or accordingly remove
> that documentation and add it to a section of deviations between
> upstream and Debian?
The documentation states what happens when bash acts as the interpreter
for a suid script. Certain variables are cleared, some files are not read.
Did you find that any of the described measures are not applied when
running suid scripts?
Regards,
--
Gioele Barabucci
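
The question above (are the documented measures actually applied?) can be checked by observation. The following is an added example, not part of the original message or of bash: it starts a child bash with an exported function and a `SHELLOPTS` value in its environment, with and without `-p`, and reports what the child did with them. The names `probe_fn`, `PROBE_CHILD`, `probe_bash`, `hardened` and the report keys are constructed for this sketch.

```sh
#!/bin/sh
# Added example: observe which of the man page's privileged-mode measures a
# child bash applies. All names here are constructed for illustration.

# Script run by the child bash; prints one key=value line per measure.
CHILD_REPORT='
[ "$UID" = "$EUID" ] && echo ids=same || echo ids=differ
case $- in *p*) echo privileged=on ;; *) echo privileged=off ;; esac
declare -F probe_fn >/dev/null && echo functions=inherited || echo functions=dropped
case $- in *f*) echo shellopts=honoured ;; *) echo shellopts=ignored ;; esac
'

# probe_bash [-p]: start bash with an exported function and a SHELLOPTS value
# containing noglob in its environment, optionally with -p, and print the
# child's report.
probe_bash() {
    PROBE_CHILD=$CHILD_REPORT bash -c '
        probe_fn() { :; }; export -f probe_fn   # function placed in the environment
        set -o noglob; export SHELLOPTS         # SHELLOPTS now carries noglob
        exec bash $1 -c "$PROBE_CHILD"
    ' probe "${1-}"
}

# hardened REPORT: succeed only if both environment inputs were discarded.
hardened() {
    printf '%s\n' "$1" | grep -qx 'functions=dropped' &&
    printf '%s\n' "$1" | grep -qx 'shellopts=ignored'
}

# Show both invocations side by side.
for flag in "" -p; do
    printf 'bash %s\n' "${flag:-(no -p)}"
    probe_bash $flag | sed 's/^/  /'
done
```

The `CHILD_REPORT` lines can also be run from whatever invocation is in dispute; an `ids=differ` line together with `functions=inherited` or `shellopts=honoured` would be the deviation from the documented behaviour.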