This bug was fixed in the package dash - 0.5.7-4ubuntu2
---------------
dash (0.5.7-4ubuntu2) wily; urgency=medium
* Drop privileges when euid != uid as a security measure (LP: #1215660)
- debian/diff/9001-Add-privmode-Part-1.diff
- debian/diff/9002-Add-privmode-Part-2.diff
-- Marc Deslauriers <[email protected]> Wed, 03 Jun 2015
11:08:33 -0400
** Changed in: dash (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1215660
Title:
dash does not drop privileges when euid != uid, this can cause local
root exploits when setuid programs use system() or popen()
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dash/+bug/1215660/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
