
Bash gets shellshocked


Posted Oct 2, 2014 11:54 UTC (Thu) by Siosm (subscriber, #86882)
Parent article: Bash gets shellshocked

Let's not forget that critical bugs were found in dash too: http://blog.cmpxchg8b.com/2013/08/security-debianisms.html



Bash gets shellshocked

Posted Oct 3, 2014 9:39 UTC (Fri) by cortana (subscriber, #24596)

That's not a hole in dash, it's a hole in anything that calls another program without cleaning its environment. In the example given, VMWare's vmware-mount utility, which is setuid, does not clean PATH before executing lsb_release. This is inexcusably bad, and makes me wonder what other horrors lurk within that codebase.
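The environment cleanup this comment refers to, as an added example that is not part of the original thread and not code from any project named in it: a privileged program builds a fresh environment from fixed values plus a small allowlist, then runs its helper by absolute path. The function names, the allowlist and the fixed PATH value are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Trusted fixed entries (assumed values); never taken from the caller. */
static const char *const FIXED[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", "IFS= \t\n" };
/* Names allowed to pass through from the caller (assumed policy). */
static const char *const ALLOW[] = { "TERM", "TZ" };

static int allowed(const char *entry)
{
    for (size_t i = 0; i < sizeof ALLOW / sizeof ALLOW[0]; i++) {
        size_t n = strlen(ALLOW[i]);
        if (strncmp(entry, ALLOW[i], n) == 0 && entry[n] == '=')
            /* Drop values shaped like exported functions, the form
             * that unpatched bash parsed on startup (Shellshock). */
            return strncmp(entry + n + 1, "() {", 4) != 0;
    }
    return 0;
}

/* Fill out[] with a NULL-terminated clean environment. Returns the
 * number of entries, or -1 if out[] cannot hold them plus the NULL. */
int build_clean_env(char *const inherited[], const char *out[], size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof FIXED / sizeof FIXED[0]; i++) {
        if (n + 1 >= cap) return -1;
        out[n++] = FIXED[i];
    }
    for (size_t i = 0; inherited && inherited[i]; i++) {
        if (!allowed(inherited[i])) continue;
        if (n + 1 >= cap) return -1;
        out[n++] = inherited[i];
    }
    out[n] = NULL;
    return (int)n;
}

/* Exec a helper by absolute path, so PATH is never searched, and
 * with the clean environment, so the helper's children inherit it. */
int run_helper(const char *abs_path, char *const argv[])
{
    const char *env[16];
    if (abs_path[0] != '/' || build_clean_env(environ, env, 16) < 0)
        return -1;
    return execve(abs_path, argv, (char *const *)env);
}
```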

Bash gets shellshocked

Posted Oct 3, 2014 9:52 UTC (Fri) by Siosm (subscriber, #86882)

We can call it a "lack of security feature" if you like, but that won't change the fact that this allowed local root escalation where bash would not have. Whether or not VMware is crapware doesn't really matter here.

I'm definitely not pro-bash, nor anti-dash, but switching shells because one vulnerability was found is "fear driven security".

