oss-sec mailing list archives

Re: [PATCH] implement privmode support in dash


From: Tavis Ormandy <taviso () google com>
Date: Thu, 22 Aug 2013 13:05:11 -0700

On Thu, Aug 22, 2013 at 12:59 PM, Harald van Dijk <harald () gigawatt nl> wrote:
> On 22/08/13 19:59, Tavis Ormandy wrote:
>> Hello, this is a patch to add privmode support to dash. privmode attempts to
>> drop privileges by default if the effective uid does not match the uid. This
>> can be disabled with -p, or -o nopriv.
>
> Hi Tavis,
>
> Your approach definitely has my support (FWTW), but there are two
> aspects that surprised me, and are different from bash and FreeBSD's sh:
>
> You named the option nopriv, while bash and FBSD use the name
> privileged. I think it is likely to confuse people if "bash -o
> privileged" and "dash -o nopriv" do the same thing, and that it would be
> better to match bash and give the option a positive name, such as
> "priv", or perhaps even match them exactly and use "privileged".
>
> In bash and FBSD, after starting with -p, set +p can be used to drop
> privileges. With your patch, dash accepts set +p, but silently ignores it.
>
> How does something like the attached, to be applied on top of your
> patch, look?

Thanks Harald, those changes make sense to me.

Tavis.
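
The privmode behaviour discussed in this thread, as an added C example that is not taken from the dash patch or from either poster: drop to the real IDs at startup unless -p was given, and call the same routine again when `set +p` clears the flag. The function names and the gid comparison are assumptions of this example.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure decision: drop only when the privileged flag (-p) is off and the
 * real and effective IDs differ. The gid comparison is an assumption
 * added here; the message only mentions the uid. */
static int should_drop(uid_t uid, uid_t euid, gid_t gid, gid_t egid,
                       int privileged)
{
    if (privileged)
        return 0;
    return uid != euid || gid != egid;
}

/* Returns 0 if nothing had to change, 1 if privileges were dropped,
 * -1 if the drop failed (the caller must then refuse to continue). */
static int apply_privmode(int privileged)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (!should_drop(uid, geteuid(), gid, getegid(), privileged))
        return 0;
    /* Group first: after the effective uid is lowered, setgid() may no
     * longer be permitted. setuid() resets the saved set-user-ID only
     * when the effective uid is 0; setresuid() is stricter where available. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Never trust the return value alone: confirm the IDs now match. */
    if (geteuid() != uid || getegid() != gid)
        return -1;
    return 1;
}

int main(int argc, char **argv)
{
    int opt, privileged = 0;

    while ((opt = getopt(argc, argv, "p")) != -1)
        if (opt == 'p')
            privileged = 1;
    int rc = apply_privmode(privileged);
    if (rc < 0) {
        perror("privmode: cannot drop privileges");
        return 1;
    }
    printf("privileged=%d dropped=%d euid=%ld\n", privileged, rc, (long)geteuid());
    return 0;
}
```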

