> 2014-06-03 16:16 GMT+02:00 Hector Marco <hecmargi@xxxxxx>: > > Hi everyone, > > Recently we discovered a bug in bash. After some time after reporting > it to bash developers, it has not been fixed. > > We think that this is a security issue because in some circumstances > the bash security feature could be bypassed allowing the bash to be a > valid target shell in an attack. > > We strongly recommend to patch your bash code. > > Why don't fix this bug by simple adding mandatory "if" clause ? > Any comments about this issue are welcomed. > > > Details at: > http://hmarco.org/bugs/bash_4.3-setuid-bug.html It looks like Rage Against The Cage has been rediscovered. Also known as Android ADB Setuid bug. Jeff
