[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug in bash <= 4.3 [security feature bypassed]

On 03/06/14 23:46, Hector Marco wrote:

Recently we discovered a bug in bash. After some time after reporting
it to bash developers, it has not been fixed.


Any comments about this issue are welcomed.

Details at:

I'm only going by the patch presented above, so ...

1.  The program should be calling setgid() before setuid() (which is
another common class of security mistake).

2.  Why is exit() returning values greater than 255?  It's not capable
of doing that under (most) Unix environments.

 Daryl Tester
 Handcrafted Computers Pty. Ltd.