55 lines
1.6 KiB
Plaintext
55 lines
1.6 KiB
Plaintext
BASH PATCH REPORT
|
|
=================
|
|
|
|
Bash-Release: 4.3
|
|
Patch-ID: bash43-048
|
|
|
|
Bug-Reported-by: up201407890@alunos.dcc.fc.up.pt
|
|
Bug-Reference-ID: <20151210201649.126444eionzfsam8@webmail.alunos.dcc.fc.up.pt>
|
|
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2015-12/msg00054.html
|
|
|
|
Bug-Description:
|
|
|
|
If a malicious user can inject a value of $SHELLOPTS containing `xtrace'
|
|
and a value for $PS4 that includes a command substitution into a shell
|
|
running as root, bash will expand the command substitution as part of
|
|
expanding $PS4 when it executes a traced command.
|
|
|
|
Patch (apply with `patch -p0'):
|
|
|
|
*** ../bash-4.3-patched/variables.c 2015-11-26 12:31:21.000000000 -0500
|
|
--- variables.c 2015-12-23 10:19:01.000000000 -0500
|
|
***************
|
|
*** 496,500 ****
|
|
set_if_not ("PS2", secondary_prompt);
|
|
}
|
|
! set_if_not ("PS4", "+ ");
|
|
|
|
/* Don't allow IFS to be imported from the environment. */
|
|
--- 496,504 ----
|
|
set_if_not ("PS2", secondary_prompt);
|
|
}
|
|
!
|
|
! if (current_user.euid == 0)
|
|
! bind_variable ("PS4", "+ ", 0);
|
|
! else
|
|
! set_if_not ("PS4", "+ ");
|
|
|
|
/* Don't allow IFS to be imported from the environment. */
|
|
|
|
*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
|
|
--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
|
|
***************
|
|
*** 26,30 ****
|
|
looks for to find the patch level (for the sccs version string). */
|
|
|
|
! #define PATCHLEVEL 47
|
|
|
|
#endif /* _PATCHLEVEL_H_ */
|
|
--- 26,30 ----
|
|
looks for to find the patch level (for the sccs version string). */
|
|
|
|
! #define PATCHLEVEL 48
|
|
|
|
#endif /* _PATCHLEVEL_H_ */
|