from:"shanmuga"

[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2019-12-19 Thread Manoj Shanmuga Sundaram

This bug was not fixed Upto bash v4.3 , this bug also arises in v3.2.57.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1507025

Title:
  Shell Command Injection with the hostname

Status in bash package in Ubuntu:
  Fix Released

Bug description:
  If the HOSTNAME of the pc contains a shell command , 
  the command will run every time you start a terminal, tty or xterm.

  The command will also executed every time when you type in some command.
  If you for example change the directory , it will run again.
   
  Exploit Demo :

  1) edit "/etc/hosts"  to this :

  127.0.0.1 localhost
  127.0.1.1  `ls>bug`

  2) edit "/etc/hostname" to this :

  `ls>bug`

  3) reboot

  4) start a terminal

  5) Now a file with the name "bug" will in your home folder !

  6) Change the directory to Downloads with "cd Downloads/"

  7) Now a file with the name "bug" is in your Downloads !

  8) Remove the file with  "rm bug"

  9) The file "bug" is still there !

  
  Have a look on the screenshot i have attached.

  Solution:
  The hostname should be checked if there are shell commands inside !!

  By the way :
  The hostname is not always in the hands of the root. 
  Some people rent "vservers" and the hostname is in the hands of the isp.

  ProblemType: Bug
  DistroRelease: Ubuntu 15.10
  Package: bash 4.3-14ubuntu1
  ProcVersionSignature: Ubuntu 4.2.0-15.18-generic 4.2.3
  Uname: Linux 4.2.0-15-generic x86_64
  ApportVersion: 2.19.1-0ubuntu2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Oct 16 22:31:46 2015
  InstallationDate: Installed on 2015-10-09 (6 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151009)
  SourcePackage: bash
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1610499] Re: hadoop crash: /bin/kill in ubuntu16.04 has bug in killing process group

2016-10-09 Thread shanmuga

Hi @groden,

I am running hadoop 2.7.3 in pseudo distribution mode on ubuntu 16.04
through a Virtual Machine. I am facing the same issue. My ubuntu logs
off whenever i submit a new hadoop job. I would like to try your
workaround. Can you provide me a link/explain on how to download and
override procps-3.3.10 source code.

I am a beginner with ubuntu. Please help!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to procps in Ubuntu.
https://bugs.launchpad.net/bugs/1610499

Title:
  hadoop crash: /bin/kill in ubuntu16.04 has bug in killing process
  group

Status in procps package in Ubuntu:
  Confirmed

Bug description:
  when i run hadoop in ubuntu 16.04, ssh will exit, all process which
  belong to hadoop user will be killed ,through debug ,i found the
  /bin/kill in ubuntu16.04 has a bug , it has bug in killing process
  group   .

  Ubuntu version is:

  Description:Ubuntu 16.04.1 LTS
  Release:16.04

  (1)The way to repeat this bug
  It is easy to repeat this bug , run “/bin/kill -15 -12345”  or any like 
“/bin/kill -15 -1”  in ubuntu16.04  , it will kill all the process .

  (2)Cause analysis
  The code of /bin/kill in ubuntu16.04 come from procps-3.3.10 ,  when I run 
“/bin/kill -15 -1” , it actually send signal 15 to -1 ,

  -1 mean it will kill all the process .

  (3)The bug in procps-3.3.10/skill.c ,I think the code "pid =
  (long)('0' - optopt) " is not right .

  static void __attribute__ ((__noreturn__)) kill_main(int argc, char 
**argv)
  {
    case '?':
  if (!isdigit(optopt)) {
  xwarnx(_("invalid argument %c"), optopt);
  kill_usage(stderr);
  } else {
  /* Special case for signal digit negative
   * PIDs */
  pid = (long)('0' - optopt);

  if (kill((pid_t)pid, signo) != 0)
   exitvalue = EXIT_FAILURE;
  exit(exitvalue);
  }
  loop=0;
  }

  (4) the cause
   sometimes when the resource is tight or a hadoop container lost connection 
in sometime, the nodemanager will kill this container , it send a signal to 
kill this jvm process ,it is a normal behavior for hadoop to kill a task and 
then reexecute this task. but with this kill bug ,it kill all the process 
belong to a hadoop user .

  (5) The way to workaround
   I  copy /bin/kill in ubuntu14.04 to override /bin/kill in ubuntu16.04, it is 
ok in this way . I also think it is better to ask procps-3.3.10 maintainer to 
solve their bug,but i don't know how to contact them .

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1610499/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

[Touch-packages] [Bug 1610499] Re: hadoop crash: /bin/kill in ubuntu16.04 has bug in killing process group

2 matches

Site Navigation

Mail list logo

Footer information