** Changed in: dash (Debian)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1215660
Title:
dash does not drop privileges when euid != uid, this can cause
** Branch linked: lp:ubuntu/dash
Title:
dash does not drop privileges when euid != uid, this can cause local
root exploits when setuid
This bug was fixed in the package dash - 0.5.7-4ubuntu2
---
dash (0.5.7-4ubuntu2) wily; urgency=medium
* Drop privileges when euid != uid as a security measure (LP: #1215660)
- debian/diff/9001-Add-privmode-Part-1.diff
- debian/diff/9002-Add-privmode-Part-2.diff
-- Marc
** Changed in: dash (Ubuntu)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: dash (Ubuntu)
Importance: Undecided => High
** Bug watch added: Debian Bug tracker #734869
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734869
** Also affects: dash (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734869
Importance: Unknown
Status: Unknown
** Changed in: dash (Debian)
Status: Unknown => Confirmed
correction on my previous comment:
My point 1 is only true on Debian and derivatives. bash does drop its
privilege when setuid and called as sh without -p just like when not
called as sh, but Debian's bash package has a patch that disables that
dropping of privileges when called as sh.
There are several incorrect statements in the initial report and the
linked CVE.
1. bash doesn't drop its privilege when setuid when called as sh. It
only does so when called as bash and without the -p option. It does
however go into a mode where it does not trust its environment as much
as when
** Changed in: dash (Ubuntu)
Status: New => Triaged
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1662
Note that the linked CVE-2013-1662 is for a vulnerability in VMware's
vmware-mount, not in dash.
As a hardening measure, this is unlikely to get a CVE number itself.
Thanks
See also followup patch at
http://www.openwall.com/lists/oss-security/2013/08/22/15 to switch
configuration options to better match bash and FreeBSD.
** Information type changed from Private Security to Public Security