Quoting "Ruben Rodriguez" :
This has been fixed in bash 4.4.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Reported through rt.gnu.org:
I'd like to report a security bug in rbash. the BASH_CMDS env
variable is writable from within rbash. so something like this
BASH_CMDS[poop]=/bin/bash;poop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Reported through rt.gnu.org:
> I'd like to report a security bug in rbash. the BASH_CMDS env
> variable is writable from within rbash. so something like this
> BASH_CMDS[poop]=/bin/bash;poop will escape the restricted rbash
> shell.
Regards,
- --
R
