diff options
author | Chet Ramey <chet.ramey@case.edu> | 2019-11-25 02:05:27 +0100 |
---|---|---|
committer | Vasyl Gello <vasek.gello@gmail.com> | 2019-11-25 22:17:20 +0000 |
commit | eda2c2a42c36b0df7b1b8b1f96f02b3e5ec4f8fe (patch) | |
tree | 10fc2631401bfd7e148bad14e91479856560004c | |
parent | ca4d835b0e37785a997883fca3c0c03e1b1259b8 (diff) | |
download | android_external_bash-cm-14.1.tar.gz android_external_bash-cm-14.1.tar.bz2 android_external_bash-cm-14.1.zip |
bash: BASH_CMD is writable in restricted bash shellscm-14.1
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying
BASH_CMDS, thus allowing the user to execute any command with the permissions
of the shell.
Fixes CVE-2019-9924
Change-Id: I1276b0920e28edd2096c3e9a346ce1d79304a66b
-rw-r--r-- | variables.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/variables.c b/variables.c index f816ffe..b059b1a 100644 --- a/variables.c +++ b/variables.c @@ -1601,6 +1601,13 @@ assign_hashcmd (self, value, ind, key) arrayind_t ind; char *key; { +#if defined (RESTRICTED_SHELL) + if (restricted && strchr (value, '/')) + { + sh_restricted (value); + return (SHELL_VAR *)NULL; + } +#endif phash_insert (key, value, 0, 0); return (build_hashcmd (self)); } |