touch-packages team mailing list archive

Thread
Date

[Bug 1459201] Re: privmode patch disables setuid protection

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Bug Watch Updater <1459201@xxxxxxxxxxxxxxxxxx>
Date: Mon, 27 Jul 2015 03:19:59 -0000
Reply-to: Bug 1459201 <1459201@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: bash (Debian)
       Status: Won't Fix => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1459201

Title:
  privmode patch disables setuid protection

Status in bash package in Ubuntu:
  Fix Released
Status in bash package in Debian:
  Fix Released

Bug description:
  Debian carries a patch called "privmod.diff" that prevents bash from
  dropping privileges when setuid if not called "sh".

  This patch should be removed as it disables a bash security feature.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1459201/+subscriptions

References

[Bug 1459201] [NEW] privmode patch disables setuid protection
From: Marc Deslauriers, 2015-05-27