*** This bug is a security vulnerability *** Public security bug reported:
Debian carries a patch called "privmod.diff" that prevents bash from dropping privileges when setuid if not called "sh". This patch should be removed as it disables a bash security feature. ** Affects: bash (Ubuntu) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Triaged ** Affects: bash (Debian) Importance: Unknown Status: Unknown ** Bug watch added: Debian Bug tracker #720545 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720545 ** Also affects: bash (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720545 Importance: Unknown Status: Unknown ** Changed in: bash (Ubuntu) Status: New => Triaged ** Changed in: bash (Ubuntu) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1459201 Title: privmode patch disables setuid protection To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1459201/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs