On 03/06/14 23:46, Hector Marco wrote:
Recently we discovered a bug in bash. After some time after reporting it to bash developers, it has not been fixed.
...
Any comments about this issue are welcomed. Details at: http://hmarco.org/bugs/bash_4.3-setuid-bug.html
I'm only going by the patch presented above, so ... 1. The program should be calling setgid() before setuid() (which is another common class of security mistake). 2. Why is exit() returning values greater than 255? It's not capable of doing that under (most) Unix environments. -- Regards, Daryl Tester Handcrafted Computers Pty. Ltd.
