https://bugzilla.novell.com/show_bug.cgi?id=806628
https://bugzilla.novell.com/show_bug.cgi?id=806628#c6
--- Comment #6 from L. A. Walsh 2013-03-09 06:25:29 PST ---
Since the bug marked as non-public was closed, I'll copy the parts that make
this security relevant here.
If a user has shell 'rbash', and has any means to create a file and execute
it, the following script in a file will give them an unrestricted shell
(not root, but if the intent was to restrict the user, this patch breaks it).
I would strongly suggest not including the patch in the bash-rpm sources
called "bash-3.2-longjmp.dif" that patches bash source file
execute_cmd.c to ignore the shell the user started with
and execute any new script source that doesn't start with "#!...",
under /bin/sh.
This elevates restricted users to a non-restricted shell.
----script------
# see what we can do w/suse's patch
echo in script, 0=$0,
exec /bin/bash -i
--
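
A defensive check for the precondition named in the comment above (a restricted user who can create a file and execute it), added here as an example and not part of the bug report or the bash package. Under rbash a command name cannot contain a slash, so a created file is only runnable from a PATH directory; the script lists rbash accounts together with any PATH directory their mode bits let them write to. The function names, the sample accounts and the uid/gid 64001 are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the bug report: audit rbash accounts for PATH
# directories in which the account could create a file.

# rbash_users FILE -> "name:uid:gid" for each account whose login shell is rbash
rbash_users() {
    awk -F: '$7 ~ /(^|\/)rbash$/ { print $1 ":" $3 ":" $4 }' "$1"
}

# writable_by DIR UID GID -> success if mode bits allow that uid/gid to write.
# Assumption: only owner/group/other bits are checked, not ACLs or
# supplementary groups, so a clean result is not proof of safety.
writable_by() {
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -prune -perm -0002)" ] && return 0
    [ -n "$(find "$1" -prune -group "$3" -perm -0020)" ] && return 0
    [ -n "$(find "$1" -prune -user "$2" -perm -0200)" ] && return 0
    return 1
}

# audit_rbash PASSWD_FILE PATH_STRING -> one "user dir" line per finding
audit_rbash() {
    for entry in $(rbash_users "$1"); do
        name=${entry%%:*}; ids=${entry#*:}
        old_ifs=$IFS; IFS=:
        for dir in $2; do
            dir=${dir:-.}   # an empty PATH element means the current directory
            if writable_by "$dir" "${ids%%:*}" "${ids#*:}"; then
                echo "$name $dir"
            fi
        done
        IFS=$old_ifs
    done
}

# demo: constructed passwd entries and directories, built in a temp dir
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/bin" "$t/scratch"
    chmod 755 "$t/bin"; chmod 777 "$t/scratch"
    # uid/gid 64001 and 64002 are constructed and assumed to own nothing here
    printf '%s\n' "kiosk:x:64001:64001::/home/kiosk:/bin/rbash" \
                  "admin:x:64002:64002::/home/admin:/bin/bash" > "$t/passwd"
    audit_rbash "$t/passwd" "$t/bin:$t/scratch"
    rm -rf "$t"
}
```

On a real host, call audit_rbash with /etc/passwd and the PATH value that the restricted account's startup files set.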