Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Patch to prevent setuid bash shells
From: njs3 () DOC IC AC UK (Niall Smart)
Date: Mon, 1 Jun 1998 18:33:11 +0100


On May 30,  1:04pm, aleph1 () NATIONWIDE NET wrote:
} Subject: Patch to prevent setuid bash shells
This patches bash 1.4.15 to prevent setuid root shells.  Of course, this
does not totally secure a system.  A buffer overflow could run /bin/csh
instead of /bin/sh, or any other command.

Apart from the fact that this patch is just plain stupid, there are
easier ways to do it.  All you need to do is modify bash so that it
doesn't accept --noprofile and then put all that crap in /etc/profile.
More flexible, but just as useless.  BTW the attacker doesn't even
need to use a different shell to get around this, he just setgid(0);
setuid(0); before exec'ing.


niall



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]