[6888] in bugtraq
Re: Patch to prevent setuid bash shells
daemon@ATHENA.MIT.EDU (Niall Smart)
Mon Jun 1 16:46:07 1998
Date: Mon, 1 Jun 1998 18:33:11 +0100
Reply-To: Niall Smart <njs3@DOC.IC.AC.UK>
From: Niall Smart <njs3@DOC.IC.AC.UK>
X-To: aleph1@nationwide.net
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: aleph1@NATIONWIDE.NET "Patch to prevent setuid bash shells" (May 30, 1:04pm)

On May 30, 1:04pm, aleph1@NATIONWIDE.NET wrote:
} Subject: Patch to prevent setuid bash shells
> This patches bash 1.4.15 to prevent setuid root shells. Of course, this
> does not totally secure a system. A buffer overflow could run /bin/csh
> instead of /bin/sh, or any other command.

Apart from the fact that this patch is just plain stupid, there are
easier ways to do it. All you need to do is modify bash so that it
doesn't accept --noprofile and then put all that crap in /etc/profile.
More flexible, but just as useless. BTW the attacker doesn't even
need to use a different shell to get around this, he just setgid(0);
setuid(0); before exec'ing.
niall
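
The last point of the reply above, as an added example that is not part of the original post or of the patch: a small C model of POSIX user-ID semantics showing why a shell-side check cannot tell a setuid-root context from a genuine root session once setuid(0) has run. The patch is not shown on this page, so the check `shell_refuses` (real uid differs from effective uid) is an assumption, and `struct creds`, `model_setuid` and `refuses_after_setuid0` are hypothetical names; no real credentials are changed.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified model of a process's user IDs (constructed for this example). */
struct creds { unsigned ruid, euid, suid; };

/* POSIX setuid() semantics: with effective uid 0 all three IDs are set;
   otherwise only the effective uid may change, to the real or saved uid. */
static int model_setuid(struct creds *c, unsigned uid)
{
    if (c->euid == 0) {
        c->ruid = c->euid = c->suid = uid;
        return 0;
    }
    if (uid == c->ruid || uid == c->suid) {
        c->euid = uid;
        return 0;
    }
    errno = EPERM;
    return -1;
}

/* ASSUMED form of the shell-side check: refuse to start when real != effective. */
static int shell_refuses(const struct creds *c)
{
    return c->ruid != c->euid;
}

/* 1 if the shell would still refuse after the caller first attempts setuid(0). */
static int refuses_after_setuid0(struct creds c)
{
    (void)model_setuid(&c, 0);
    return shell_refuses(&c);
}

int main(void)
{
    struct creds setuid_ctx = { 1000, 0, 0 };       /* inside a setuid-root program */
    struct creds plain_user = { 1000, 1000, 1000 }; /* ordinary login, no privilege */

    printf("setuid context, direct exec:  refused=%d\n", shell_refuses(&setuid_ctx));
    printf("setuid context, setuid(0):    refused=%d\n", refuses_after_setuid0(setuid_ctx));
    printf("plain user, setuid(0) result: %d\n", model_setuid(&plain_user, 0));
    return 0;
}
```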