[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: security problem in restricted shell?
From: |
Chet Ramey |
Subject: |
Re: security problem in restricted shell? |
Date: |
Tue, 10 Jul 2001 13:10:53 -0400 |
> I think I found a serious security problem in bash's implementation of a
> restricted shell, when combined with badly written scripts in the allowed
> PATH. I include a suggested interim workaround for people affected by this
> hole, and a fix to bash to get rid of this hole.
The one-line fix I made is to not put exported function definitions in the
export environment if the shell is restricted.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
( ``Discere est Dolere'' -- chet)
Chet Ramey, CWRU chet@po.CWRU.Edu http://cnswww.cns.cwru.edu/~chet/