> 2014-06-03 16:16 GMT+02:00 Hector Marco :
>
> Hi everyone,
>
> Recently we discovered a bug in bash. After some time after reporting
> it to bash developers, it has not been fixed.
>
> We think that this is a security issue because in some circumstances
> the bash security feature could be bypass
On 04/06/14 11:13, Jose Carlos Luna Duran wrote:
In my opinion the drop of privs in bash was mostly a "help" measure
for poorly written setuid programs executing system() calls. I don't
think is the role of bash to do this as the problem that could be
exploited by that would really be in the ori
Jose Carlos Luna Duran writes:
> In my opinion the drop of privs in bash was mostly a "help" measure
> for poorly written setuid programs executing system() calls. I don't
> think is the role of bash to do this ...
True, but it is a slight help and I'm in favour of keeping it.
> Correct me if I'
In my opinion the drop of privs in bash was mostly a "help" measure
for poorly written setuid programs executing system() calls. I don't
think is the role of bash to do this as the problem that could be
exploited by that would really be in the original program that does
not drop privs before invoki