Mailinglist Archive: opensuse-bugs (5243 mails)

[Bug 806628] Bash doesn't execute a script w/o the #! line as user's shell but as /bin/sh

https://bugzilla.novell.com/show_bug.cgi?id=806628

https://bugzilla.novell.com/show_bug.cgi?id=806628#c6


--- Comment #6 from L. A. Walsh <suse@xxxxxxxxx> 2013-03-09 06:25:29 PST ---
Since the bug marked as non-public was closed, I'll copy the parts that make
this security relevant here.

If a user has shell 'rbash', and has any means to create a file and
execute it, the following script in a file will give them an unrestricted
shell (not root, but if the intent was to restrict the user, this
patch breaks it).

I would strongly suggest not including the patch in the bash-rpm sources
called "bash-3.2-longjmp.dif" that patches bash source file
execute_cmd.c to ignore the shell the user started with
and execute any new script source that doesn't start with "#!...",
under /bin/sh.

This elevates restricted users to a non-restricted shell.

----script------
# see what we can do w/suse's patch
echo in script, 0=$0,
exec /bin/bash -i

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
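
The precondition described in the comment above (a restricted user who can create and execute a file that lacks a "#!" line) can be audited with the following shell functions. This is an added example, not part of the original bug report or of bash; the function names `shebangless_in_dir` and `audit_path` and the output labels are made up for illustration.

```shell
#!/bin/sh
# Added audit example (not from the bug report).
# Flags executable files that have neither a "#!" line nor an ELF header.
# execve() rejects such files with ENOEXEC, so the calling shell decides
# which interpreter runs them; that decision is what the report is about.

ELF_MAGIC=$(printf '\177ELF')

# shebangless_in_dir DIR
# Print, one per line, each executable regular file in DIR whose first
# bytes are neither "#!" nor the ELF magic number.
shebangless_in_dir() (
    dir=$1
    [ -d "$dir" ] || exit 0
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        # Read the first four bytes; drop NULs so the shell can hold them.
        magic=$(head -c 4 "$f" 2>/dev/null | tr -d '\000')
        case $magic in
            '#!'*) ;;              # interpreter named explicitly
            "$ELF_MAGIC"*) ;;      # native binary
            *) printf '%s\n' "$f" ;;
        esac
    done
)

# audit_path PATHSTRING
# Walk a colon-separated PATH value. Print "WRITABLE dir" for directories
# the invoking user can write to (run this as the restricted account, since
# the -w test reflects whoever runs it) and "NOSHEBANG file" for each file
# found by shebangless_in_dir.
audit_path() (
    set -f; IFS=:; set -- $1; set +f; unset IFS
    for d in "$@"; do
        [ -n "$d" ] || d=.         # an empty PATH entry means the cwd
        [ -w "$d" ] && printf 'WRITABLE %s\n' "$d"
        shebangless_in_dir "$d" | sed 's/^/NOSHEBANG /'
    done
)
```

Call `audit_path` with the PATH value configured for the restricted account; any `WRITABLE` line means that account can place new files where it is allowed to execute them.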