touch-packages team mailing list archive
Message #111325
[Bug 1507025] Re: Shell Command Injection with the hostname
I can't imagine the effort involved in hardening all applications to
treat the hostname as untrusted input.
ISPs that sell vservers are really no different from Intel or AMD or
whoever makes your CPU -- you trust them completely and totally with
your data, your executables, and your entire operating environment. They
can inject anything they wish into your system's memory whenever they
wish.
Making sure the DHCP clients don't allow setting these kinds of
hostnames, however, that might be a good idea. Enforcing the usual DNS
guidelines of a-zA-Z0-9-_ might be worthwhile.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1507025
Title:
Shell Command Injection with the hostname
Status in bash package in Ubuntu:
New
Bug description:
If the HOSTNAME of the PC contains a shell command,
the command will run every time you start a terminal, tty or xterm.
The command will also be executed every time you type in some command.
If you, for example, change the directory, it will run again.
Exploit Demo:
1) Edit "/etc/hosts" to this:
127.0.0.1 localhost
127.0.1.1 `ls>bug`
2) Edit "/etc/hostname" to this:
`ls>bug`
3) Reboot
4) Start a terminal
5) Now a file with the name "bug" will be in your home folder!
6) Change the directory to Downloads with "cd Downloads/"
7) Now a file with the name "bug" is in your Downloads!
8) Remove the file with "rm bug"
9) The file "bug" is still there!
Have a look at the screenshot I have attached.
Solution:
The hostname should be checked for shell commands inside!!
By the way:
The hostname is not always in the hands of root.
Some people rent "vservers" and the hostname is in the hands of the ISP.
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: bash 4.3-14ubuntu1
ProcVersionSignature: Ubuntu 4.2.0-15.18-generic 4.2.3
Uname: Linux 4.2.0-15-generic x86_64
ApportVersion: 2.19.1-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Oct 16 22:31:46 2015
InstallationDate: Installed on 2015-10-09 (6 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151009)
SourcePackage: bash
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+subscriptions
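The character-set check suggested in the reply above (a-zA-Z0-9-_), as an added shell example that is not part of the original message or of any DHCP client's own code. The function names, the dot as label separator, the 63/253 length limits, the leading/trailing hyphen rule and the fallback name "oldhost" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# valid_hostname NAME: succeed only if NAME is built from allowlisted
# characters. Runs in a subshell so LC_ALL does not leak to the caller.
valid_hostname() (
    LC_ALL=C            # byte-wise ranges: a-z must not match accented letters
    name=$1
    [ -n "$name" ] || return 1
    # Allowlist check: backticks, $, ;, |, >, spaces and newlines all fail here.
    case $name in
        *[!a-zA-Z0-9._-]*) return 1 ;;
    esac
    [ "${#name}" -le 253 ] || return 1      # DNS total-length limit
    # No empty labels (leading, trailing or doubled dots).
    case $name in
        .*|*.|*..*) return 1 ;;
    esac
    rest=$name
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   rest= ;;
        esac
        [ "${#label}" -le 63 ] || return 1  # DNS per-label limit
        case $label in
            -*|*-) return 1 ;;              # labels do not start/end with "-"
        esac
    done
    return 0
)

# choose_hostname OFFERED CURRENT: print the name a DHCP client hook should
# apply, keeping CURRENT when the offered name fails validation.
choose_hostname() {
    if valid_hostname "$1"; then
        printf '%s\n' "$1"
    else
        printf '%s\n' "$2"
    fi
}

# Constructed sample inputs; the second is the value from the bug report.
for h in 'web-01.example.com' '`ls>bug`' 'bad host' 'a..b'; do
    printf '%-22s -> %s\n' "$h" "$(choose_hostname "$h" 'oldhost')"
done
```

The check is an allowlist, so it rejects any shell metacharacter without having to enumerate them.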