Re: Bug in bash <= 4.3 [security feature bypassed]

看板Bugtraq作者dt-bugtraq.時間11年前 (2014/06/06 02:01)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串2/3 (看更多)

On 03/06/14 23:46, Hector Marco wrote: > Recently we discovered a bug in bash. After some time after reporting > it to bash developers, it has not been fixed. .... > Any comments about this issue are welcomed. > > Details at: > http://hmarco.org/bugs/bash_4.3-setuid-bug.html I'm only going by the patch presented above, so ... 1. The program should be calling setgid() before setuid() (which is another common class of security mistake). 2. Why is exit() returning values greater than 255? It's not capable of doing that under (most) Unix environments. -- Regards, Daryl Tester Handcrafted Computers Pty. Ltd.

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 dt-bugtraq. 的文章

文章代碼(AID): #1JaB1UQD (Bugtraq)