
List:       bash-bug
Subject:    Re: [PATCH] bash: add socket server support
From:       Mike Frysinger <vapier () gentoo ! org>
Date:       2013-11-27 7:37:02
Message-ID: 201311270237.03535.vapier () gentoo ! org


On Thursday 14 November 2013 00:50:33 Piotr Grzybowski wrote:
>  I can think of an attack, just provide me with the IP address of the host
> :) and a root account password and login :)
> 
>  I agree that most systems have other abilities to do (almost) the
> same, but all systems (that is to say many more than have nc)
> have bash, and while roots on those will expect netcat to be able to
> open listen sockets, they do not necessarily expect bash to do the
> same.
>  My main point is: this patch means that every user that has access to
> a who-knows-how-restricted shell can open listen sockets, and unless
> someone thought of using grsecurity to deny access to bind(2) it is
> unrestricted.

As Joel said, the functionality he is adding does not impact the attack vector 
at all.  bash already has networking functionality built into it.

>  This feature should at least be switchable, or otherwise restricted.

It already is, via a configure flag: --disable-net-redirections
-mike
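Added example, not taken from Mike's message or from the bash project: a POSIX sh audit function an administrator can run to learn whether the bash build on a host honours /dev/tcp redirections, i.e. whether it was configured without the --disable-net-redirections flag mentioned above. It assumes nothing is listening on 127.0.0.1 port 1 (a constructed choice; pick another closed loopback port if needed), that bash is on PATH, and that timeout(1) may or may not be available.

```shell
#!/bin/sh
# Added example: report whether the local bash was built with net redirections.
# A bash built with ./configure --disable-net-redirections treats
# /dev/tcp/HOST/PORT as an ordinary (non-existent) file name; a default build
# parses it and calls connect(2). We tell the two apart by the error text.

# Usage: bash_net_redirections_status [path-to-bash]
# Prints exactly one of: enabled, disabled, unknown
bash_net_redirections_status() {
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || { echo unknown; return 0; }

    # Bound the connect attempt if timeout(1) exists, so a firewalled loopback
    # that silently drops packets cannot hang the audit.
    runner=""
    command -v timeout >/dev/null 2>&1 && runner="timeout 5"

    # Port 1 on loopback is a constructed assumption: nothing should listen there,
    # so a build with net redirections fails fast with "Connection refused".
    # LC_ALL=C keeps bash's error message in English for the pattern match.
    err=$($runner env LC_ALL=C "$bash_bin" -c 'exec 3<>/dev/tcp/127.0.0.1/1' 2>&1) \
        && rc=0 || rc=$?

    if [ "$rc" -eq 124 ]; then
        echo unknown            # timeout(1) gave up: no verdict
    elif [ "$rc" -eq 0 ]; then
        echo enabled            # something answered on port 1: connect(2) worked
    else
        case $err in
            *"No such file"*) echo disabled ;;   # path treated as a plain file
            *)                echo enabled  ;;   # a socket error: connect was attempted
        esac
    fi
}

# Stand-alone run: print the verdict for the bash on PATH.
bash_net_redirections_status
```

The function reads the error class rather than any success, so it works on hosts with no network beyond loopback; "unknown" is deliberately returned for a missing interpreter or a timed-out probe instead of guessing. On a host where the answer is "enabled" and policy requires otherwise, the fix is the one Mike names: rebuild bash with ./configure --disable-net-redirections.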
