oss-sec mailing list archives
Re: [PATCH] implement privmode support in dash
From: Roy <roytam () gmail com>
Date: Fri, 23 Aug 2013 22:23:45 +0800
On Fri, 23 Aug 2013 19:40:31 +0800, "Jérémie Courrèges-Anglas" <jca+dash () wxcvbn org> wrote:
Also, Tavis Ormandy <taviso () google com> writes: [...]Apart from that, it is better to check the return value from setuid() and similar functions. In particular, some versions of Linux may fail setuid() for [EAGAIN], leaving the process running with the same privileges.I don't think this is true anymore, but I have no strong objection to adding it, so long as it's noted that bash and pdksh do not do this.Just for reference, from mksh:
[snip] BTW it is just changed in cvs. Log message: Commit ID: 10052176CB912FE954B CVSROOT: /cvs Module name: src Changes by: tg () herc mirbsd org 2013/08/23 14:07:41 UTC Modified files: distrib/special/mksh: Makefile bin/mksh : Build.sh Makefile check.t misc.c mksh.1 sh.h Log message: SECURITY: Unbreak “set +p”, broken by OpenBSD ksh change. TODO: I am seriously considering following Chet and changing the way this works, by explicitly dropping privs unless the shell is run with -p. Every other shell does it like mksh, except Heirloom sh, which on the other hand doesn’t know any explicit set -p or set +p (though it doesn’t know set +foo for any foo either). ┌──┤ QUESTION: Do we need the ability to do this: │ tg@blau:~ $ ./suidmksh -p -c 'whoami; set +p; whoami' │ root │ tg If not, I’m seriously considering to drop set ±p as well, only parse -p on the command line, with +p being the default, and dropping FPRIVILEGED. Thanks to RT for noticing and jilles for initial follow-up discussion, as well as Chet Ramey for doing the sane/secure thing instead of following Debian. To generate a diff of this changeset, execute the following commands: cvs -R rdiff -kk -upr1.71 -r1.72 src/distrib/special/mksh/Makefile cvs -R rdiff -kk -upr1.645 -r1.646 src/bin/mksh/Build.sh cvs -R rdiff -kk -upr1.124 -r1.125 src/bin/mksh/Makefile cvs -R rdiff -kk -upr1.630 -r1.631 src/bin/mksh/check.t cvs -R rdiff -kk -upr1.214 -r1.215 src/bin/mksh/misc.c cvs -R rdiff -kk -upr1.320 -r1.321 src/bin/mksh/mksh.1 cvs -R rdiff -kk -upr1.668 -r1.669 src/bin/mksh/sh.h
Current thread:
- [PATCH] implement privmode support in dash Tavis Ormandy (Aug 22)
- Re: [PATCH] implement privmode support in dash Simon McVittie (Aug 22)
- Re: [PATCH] implement privmode support in dash Tavis Ormandy (Aug 23)
- Re: [PATCH] implement privmode support in dash Ludwig Nussel (Aug 23)
- Re: [PATCH] implement privmode support in dash Harald van Dijk (Aug 22)
- Re: [PATCH] implement privmode support in dash Tavis Ormandy (Aug 22)
- Re: [PATCH] implement privmode support in dash Jilles Tjoelker (Aug 22)
- Re: [PATCH] implement privmode support in dash Tavis Ormandy (Aug 22)
- Re: [PATCH] implement privmode support in dash Jérémie Courrèges-Anglas (Aug 23)
- Re: [PATCH] implement privmode support in dash Jérémie Courrèges-Anglas (Aug 23)
- Re: [PATCH] implement privmode support in dash Roy (Aug 23)
- Re: [PATCH] implement privmode support in dash Simon McVittie (Aug 22)
- Re: [PATCH] implement privmode support in dash Seth Arnold (Aug 22)
- Re: [PATCH] implement privmode support in dash Michael Samuel (Aug 22)
- Re: [PATCH] implement privmode support in dash Tavis Ormandy (Aug 23)
- Re: [PATCH] implement privmode support in dash Florian Weimer (Aug 23)