Re: Detecting invocation as /bin/sh ?

From: Chet Ramey
Subject: Re: Detecting invocation as /bin/sh ?
Date: Mon, 29 Sep 2014 19:40:32 -0400

On 9/29/14, 5:46 PM, Alexandre Ferrieux wrote:

> Forget about posix mode then: bash -p (privileged) offers a lean-and-mean 
> variant which pretty much satisfies anybody needing "just sh". However, there 
> is no way to store an option in a symbolic link, so all distributions doing 
> "sh -> bash" are bound to perpetuate the danger (of "eval-from-the-env"). So 
> it would seem normal for some of them to move away from bash as the default 
> sh.

Are we talking about the same thing?

Privileged mode is intended for use when bash might run setuid (a bad idea
in any case).  It affects what bash will use from the environment -- yes,
including shell functions -- and inhibits setting the euid to the ruid.
It doesn't have any other effect.  It certainly doesn't turn off any bash

``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/
