Use restricted option `bash -r`
Bug #1627153 reported by
Rahul U Nair
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bash8 |
New
|
Undecided
|
Unassigned |
Bug Description
It would be better to use `bash -rn` rather than `bash -n` as an additional security measure, so that the script do not have access to thing, it is not supposed to. This would help if eventually bashate is used in a gate job and limit possible damage from running a malicious script.
To post a comment you must log in.
bash restricted mode is not secure.
$ bash -r -c "bash -c 'cd /; pwd'"
/
It's barely even a safety feature. What even is restricted mode, anyway?