oss-sec mailing list archives
Re: Healing the bash fork
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Tue, 30 Sep 2014 07:27:48 -0700
Florian's prefix/suffix patch is not going to protect against the setuid/setgid exploit that I reported to this list last week. I discuss the setuid/setgid vulnerability at the following site, including demonstrating how Florian's prefix/suffix patch provides no protection: http://technicalprose.blogspot.co.uk/2014/09/shellshock-bug-third-vulnerability.html
You do realize that your setuid program is patently unsafe, right? Say: $ echo -e '#!/bin/sh\necho pwn3d' >date;chmod 755 date;PATH=.:$PWD ./setuid_program pwn3d /mz
Current thread:
- Re: Healing the bash fork Mark R Bannister (Sep 30)
- <Possible follow-ups>
- Re: Healing the bash fork Sven Kieske (Sep 30)
- Re: Healing the bash fork Mark R Bannister (Sep 30)
- Re: Healing the bash fork Sebastian Krahmer (Sep 30)
- Re: Healing the bash fork Kobrin, Eric (Sep 30)
- Re: Healing the bash fork Sebastian Krahmer (Sep 30)
- Re: Healing the bash fork John Haxby (Sep 30)
- Re: Healing the bash fork Ed Prevost (Sep 30)
- Re: Healing the bash fork Rich Felker (Sep 30)
- Re: Healing the bash fork Kobrin, Eric (Sep 30)
- Re: Healing the bash fork Michal Zalewski (Sep 30)
- Re: Healing the bash fork Simon McVittie (Sep 30)
- Re: Healing the bash fork Mark R Bannister (Sep 30)
- Re: Healing the bash fork Tavis Ormandy (Sep 30)
- Re: Healing the bash fork Ed Prevost (Sep 30)
- Re: Healing the bash fork Zach Wikholm (Sep 30)
- Re: Healing the bash fork David A. Wheeler (Sep 30)
- Re: Healing the bash fork Michal Zalewski (Sep 30)
- Re: Healing the bash fork Stuart D. Gathman (Sep 30)
- Re: Healing the bash fork Ed Prevost (Sep 30)