Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#40663 - [bash] SETUID fails to drop priveleges
Attached to Project:
Arch Linux
Opened by Mark E. Lee (bluerider) - Tuesday, 03 June 2014, 16:54 GMT
Last edited by Bartłomiej Piotrowski (Barthalion) - Wednesday, 11 June 2014, 09:29 GMT
Opened by Mark E. Lee (bluerider) - Tuesday, 03 June 2014, 16:54 GMT
Last edited by Bartłomiej Piotrowski (Barthalion) - Wednesday, 11 June 2014, 09:29 GMT
|
DetailsDescription:
A bug in bash <= 4.3 has been reported. See : < http://hmarco.org/bugs/bash_4.3-setuid-bug.html>; |
This task depends upon
Closed by Bartłomiej Piotrowski (Barthalion)
Wednesday, 11 June 2014, 09:29 GMT
Reason for closing: Fixed
Additional comments about closing: 4.3.018-3
Wednesday, 11 June 2014, 09:29 GMT
Reason for closing: Fixed
Additional comments about closing: 4.3.018-3
I'll wait for the reply from Chet Ramey first, but this patch doesn't make big sense, as kernel effectively prevents described "exploit".[1] I'll probably remove it.
[1] https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/kernel/sys.c?id=refs/tags/v3.14.5#n415