undefined | Better HN

0 pointsfragmede11y ago0 comments

Most code executions vulnerabilities aren't remotely accessible, which this is, which makes priv-escalation particularly nasty. (eg: incorrectly assuming that since www-data user doesn't have access to anything sensitive, this bug isn't a big deal)

0 comments

dllthomas11y ago

Is it remotely accessible on systems where sh is dash, though? That's specifically what was under discussion.

agwa11y ago

Yes, potentially - if at any point during the execution of a program (or its descendents) a bash script gets called with an untrusted environment variable value from a remote source. The difference between a system with bash as /bin/sh and a system with dash as /bin/sh is that the bash system is implicitly executing bash all the time, whereas the dash system requires an explicitly-bash script to be executed. So the dash system has many fewer windows of opportunity for an exploit, but they could still be there.

dllthomas11y ago

Well, sure. It seems a slightly odd way to phrase it if that's the entirety of what korzun meant, though. Is there somewhere that happens in a typical out-of-the-box Debian or Ubuntu box?

j / k navigate · click thread line to collapse

0 pointsfragmede11y ago0 comments

0 comments

dllthomas11y ago

Is it remotely accessible on systems where sh is dash, though? That's specifically what was under discussion.

agwa11y ago

dllthomas11y ago

Well, sure. It seems a slightly odd way to phrase it if that's the entirety of what korzun meant, though. Is there somewhere that happens in a typical out-of-the-box Debian or Ubuntu box?

j / k navigate · click thread line to collapse