[Secure-testing-team] Bug#734869: dash should drop its privileges in setuid context and implement privileged mode support (-p)
Raphaël Hertzog
hertzog at debian.org
Fri Jan 10 14:32:10 UTC 2014
Package: dash
Version: 0.5.7-3+nmu1
Severity: important
Tags: security patch
I have been reading
http://blog.cmpxchg8b.com/2013/08/security-debianisms.html and discovered
that dash doesn't drop its privileges when run in a setuid context.
This is a security measure that upstream's bash does implement however.
Turning off the dropping of the privileges must be explicitly required
with the -p command line option.
It would be nice if dash could be enhanced to behave in the same way
and thus avoid some security problems with the usage of popen/system
in setuid programs.
Tavis Ormandy even submitted a patch upstream:
http://thread.gmane.org/gmane.comp.shells.dash/841/
The initial reactions were rather positive but it looks like
the feature never got merged.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages dash depends on:
ii debianutils 4.4
ii dpkg 1.17.6~20131221210620.235
ii libc6 2.17-97
dash recommends no packages.
dash suggests no packages.
-- debconf information:
* dash/sh: true
More information about the Secure-testing-team
mailing list