Bugtraq mailing list archives
Re: Patch to prevent setuid bash shells
From: njs3 () DOC IC AC UK (Niall Smart)
Date: Mon, 1 Jun 1998 18:33:11 +0100
On May 30, 1:04pm, aleph1 () NATIONWIDE NET wrote: } Subject: Patch to prevent setuid bash shells
This patches bash 1.4.15 to prevent setuid root shells. Of course, this does not totally secure a system. A buffer overflow could run /bin/csh instead of /bin/sh, or any other command.
Apart from the fact that this patch is just plain stupid, there are easier ways to do it. All you need to do is modify bash so that it doesn't accept --noprofile and then put all that crap in /etc/profile. More flexible, but just as useless. BTW the attacker doesn't even need to use a different shell to get around this, he just setgid(0); setuid(0); before exec'ing. niall
Current thread:
- Patch to prevent setuid bash shells aleph1 () NATIONWIDE NET (May 30)
- <Possible follow-ups>
- Re: Patch to prevent setuid bash shells Niall Smart (Jun 01)
- Re: Patch to prevent setuid bash shells Aleph One (Jun 01)
- Clarification Niall Smart (Jun 02)
- Re: Patch to prevent setuid bash shells Ryan Veety (Jun 02)
- PPTP Vulnerability Aleph One (Jun 02)
- Re: Patch to prevent setuid bash shells Aleph One (Jun 01)