This bug was fixed in the package bash - 4.3-11ubuntu3
---------------
bash (4.3-11ubuntu3) wily; urgency=medium
* debian/patches/privmode.diff: disabled patch to re-enable proper
privilege dropping security feature. (LP: #1459201)
-- Marc Deslauriers <[email protected]> Wed, 27 May 2015
10:57:56 -0400
** Changed in: bash (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1459201
Title:
privmode patch disables setuid protection
Status in bash package in Ubuntu:
Fix Released
Status in bash package in Debian:
Won't Fix
Bug description:
Debian carries a patch called "privmod.diff" that prevents bash from
dropping privileges when setuid if not called "sh".
This patch should be removed as it disables a bash security feature.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1459201/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
