Date: Thu, 05 Jun 2014 09:03:01 +0100
From: lists@...atla.org.uk
To: oss-security@...ts.openwall.com, jose.carlos.luna@...il.com
Cc: fulldisclosure@...lists.org, bugs@...uritytracker.com, bugtraq@...urityfocus.com
Subject: Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed]

Jose Carlos Luna Duran writes:

> In my opinion the drop of privs in bash was mostly a "help" measure
> for poorly written setuid programs executing system() calls. I don't
> think it is the role of bash to do this ...

True, but it is a slight help and I'm in favour of keeping it.

> Correct me if I'm wrong, but even in that case there is another "help"
> measure that has been implemented at least in linux kernels > 3.1:
> http://lxr.free-electrons.com/source/kernel/sys.c?v=3.1#L628

For permanent dropping of privilege I suggest calling setgid() and
setuid() to the desired values *twice* (and ignore the return code).
Then try to reset to the original values (should fail; ignore return
code). Then test that the real and effective values are the same and
are the ones you want - that's the result that indicates success in
this case. And exit() if failed.

That's the simple usage guide - David Wagner has written at length on
the technicalities.
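
The procedure described in the message above, written out in C as an added example that is not part of the original post. The names `drop_privileges_permanently` and `ignore` are hypothetical, and `main` assumes the common case of a setuid program becoming its invoking user.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Consume a return value we deliberately do not act on. */
static void ignore(int rc) { (void)rc; }

/*
 * Permanently switch to uid/gid following the steps in the message.
 * Returns 0 only when the final real and effective IDs are the wanted ones.
 * Supplementary groups are not part of that procedure and are left untouched.
 */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();

    /* Set twice, group before user: after the UID drop setgid() is refused. */
    for (int i = 0; i < 2; i++) {
        ignore(setgid(gid));
        ignore(setuid(uid));
    }

    /* Try to take the old IDs back; after a real drop both calls fail. */
    ignore(setuid(old_euid));
    ignore(setgid(old_egid));

    /* The state after the regain attempt is the only success signal. */
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* Assumed use: a setuid program becoming its invoking (real) user. */
    if (drop_privileges_permanently(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed\n");
        exit(EXIT_FAILURE);
    }
    printf("uid=%ld euid=%ld gid=%ld egid=%ld\n", (long)getuid(),
           (long)geteuid(), (long)getgid(), (long)getegid());
    return 0;
}
```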