mailing list archives
Re: Patch to prevent setuid bash shells
From: njs3 () DOC IC AC UK (Niall Smart)
Date: Mon, 1 Jun 1998 18:33:11 +0100
On May 30, 1:04pm, aleph1 () NATIONWIDE NET wrote:
} Subject: Patch to prevent setuid bash shells
This patches bash 1.4.15 to prevent setuid root shells. Of course, this
does not totally secure a system. A buffer overflow could run /bin/csh
instead of /bin/sh, or any other command.
Apart from the fact that this patch is just plain stupid, there are
easier ways to do it. All you need to do is modify bash so that it
doesn't accept --noprofile and then put all that crap in /etc/profile.
More flexible, but just as useless. BTW the attacker doesn't even
need to use a different shell to get around this, he just setgid(0);
setuid(0); before exec'ing.