Re: double free SIGSEGV and SELinux AVC denial
On 6/3/23 7:33 PM, Wiley Young wrote:
> Bash Version: 5.2
> Patch Level: 15
> Release Status: release
>
> Description:
> While trying to capture line numbers in an array, there was a reproducible double free with an accompanying AVC denial. Uncommenting line 25 somehow eliminates the double free.

Thanks for the report. This is the same issue as in your previous report.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU c...@case.edu http://tiswww.cwru.edu/~chet/
Bash ONESHOT optimization in conjunction with interactive mode breaks
Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -g -O2 -Wno-parentheses -Wno-format-security
uname output: Linux nas 5.15.85 #1-NixOS SMP Wed Dec 21 16:36:38 UTC 2022 x86_64 GNU/Linux
Machine Type: x86_64-pc-linux-gnu

Bash Version: 5.1
Patch Level: 16
Release Status: release

Description:
When running a command in interactive mode (i.e. bash -ic '/some/command'), a bash script will stop itself and put itself in the background unexpectedly.

Repeat-By:
Take the following script:

    #!/usr/bin/env bash
    # Run some command in an interactive shell
    $SHELL -ic '/usr/bin/env echo hello'
    export IN_SHELL_TEST=true
    # Launch a new $SHELL with modified environment
    $SHELL -i

A typical session looks like this:

    $ ./shell-test
    hello

    [1]+ Stopped ./shell-test
    $ echo $IN_SHELL_TEST

    $ fg
    ./shell-test
    $ echo $IN_SHELL_TEST
    true

This is very unexpected behavior. I would expect to launch directly into the new shell, rather than have it start in the background.

Fix:
Alex Shpilkin discovered that disabling the ONESHOT optimization prevents the bug from presenting. He did this by recompiling bash after removing '#define ONESHOT'. Another mitigation is to prefix the first command with `exec`, for example:

    $SHELL -ic 'exec /usr/bin/env echo hello'