Use restricted option `bash -r`
Bug #1627153 reported by
Rahul U Nair
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| bash8 |
New
|
Undecided
|
Unassigned | ||
Bug Description
It would be better to use `bash -rn` rather than `bash -n` as an additional security measure, so that the script do not have access to thing, it is not supposed to. This would help if eventually bashate is used in a gate job and limit possible damage from running a malicious script.
Revision history for this message
| mcandre (andrew-pennebaker) wrote | #1 |
To post a comment you must log in.
bash restricted mode is not secure.
$ bash -r -c "bash -c 'cd /; pwd'"
/
It's barely even a safety feature. What even is restricted mode, anyway?