bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rbash escape security vulnerability

From: up201407890
Subject: Re: rbash escape security vulnerability
Date: Fri, 10 Mar 2017 14:01:57 +0100
User-agent: Internet Messaging Program (IMP) H3 (4.2) 
Quoting "Ruben Rodriguez" <ruben@fsf.org>:

This has been fixed in bash 4.4.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reported through rt.gnu.org:


I'd like to report a security bug in rbash. the BASH_CMDS env
variable is writable from within rbash. so something like this
BASH_CMDS[poop]=/bin/bash;poop will escape the restricted rbash
shell.


Regards,
- --
Ruben Rodriguez | Senior Systems Administrator, Free Software Foundation
GPG Key: 05EF 1D2F FE61 747D 1FC8  27C3 7FAC 7D26 472F 4409
https://fsf.org | https://gnu.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJYwaXvAAoJEH+sfSZHL0QJTKUQAISM7t/hTfp4HOApE2xFF+At
/cWCYSEZq3ZhNnh8BlSLrNx0AjYYN98nJ3c1xJKMcI87veZ0kT4QRxZEoXF7TLgM
ck/zkXF97uZKwTolj9Opa2OXJTIj8hlWHYTrlkZZjLAywlYMuMHtWf85gs6KJ15x
RguGJylbWYvIreg4ikzCDpaGdjM+K8xnnO/OvD9dxAzC3G2YSlVOy6JuOoWH3KWV
Bw8tHYR+X98koOgu1kugiUk4ngqjOcnO8G02JjXbEsA831mdUbetEMf63mekrSCP
AZDwvt8jA1TTzkY1LT0MpdbVScFeuFd4vINdfjH6V2fHN1i9UYLA8pOWX6gXLu4T
vBZKStRJk+HyXJnqSG5b7BxguQo8JCVHsGfgab4hKkIiE3mZzBX+pRLPLG/krJaW
LPmGhIuJa/ujMFgA9nbAPjcOlH0x5NIea/jCpCLr3DwIPmRSsbIZvPkxhPiFqtyF
cGCtOdOhBkHNNfoF9tO/1ak4j6IBVVwr/4EPkBlRn1OnHMBNvOshFJj5zDrdr9VX
HKK8iOCpccpRqpwI6zdaLNxgvOthGEorGsXQwlQbLicsmPDZIpIseyH/T9C6eL50
BZghPtCXpD2tGZ1RxqWUt1IwA84tKSaKr+RQAy1Yoio0IxOXd7U0ljb4yIh+hhHt
YJQciA6MygBLFCsoe7u4
=IjX0
-----END PGP SIGNATURE-----






----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]