privmode patch disables setuid protection
Bug #1459201 reported by
Marc Deslauriers
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| bash (Debian) |
Fix Released
|
Unknown
|
|||
| bash (Ubuntu) |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Bug Description
Debian carries a patch called "privmod.diff" that prevents bash from dropping privileges when setuid if not called "sh".
This patch should be removed as it disables a bash security feature.
Related branches
| Changed in bash (Ubuntu): | |
| status: | New → Triaged |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| Changed in bash (Debian): | |
| status: | Unknown → Won't Fix |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in bash (Ubuntu): | |
| status: | Triaged → Fix Released |
| Changed in bash (Debian): | |
| status: | Won't Fix → Fix Released |
To post a comment you must log in.
This bug was fixed in the package bash - 4.3-11ubuntu3
---------------
bash (4.3-11ubuntu3) wily; urgency=medium
* debian/
privilege dropping security feature. (LP: #1459201)
-- Marc Deslauriers <email address hidden> Wed, 27 May 2015 10:57:56 -0400