View Issue Details

ID: 0000536
Project: Kali Linux
Category: General Bug
View Status: public
Last Update: 2018-01-29 11:11
Reporter: compuwar
Assigned To: g0tmi1k
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: suspended
Platform: All
OS: All
OS Version: All
Summary: 0000536: Debian default shell security issue
Description

By default, Debian links /bin/sh to /bin/dash as its default shell. This shell is vulnerable to set-uid exploits as described here:

http://blog.cmpxchg8b.com/2013/08/security-debianisms.html

(Sample uses VMWare as an example.)

Fix:

  1. Change default shell to link to bash:

     a. Issue the command: dpkg-reconfigure dash.
     b. Tell it no, and let it switch to bash as the default shell.
     c. Profit.

  2. Patch dash to act like bash:

http://thread.gmane.org/gmane.comp.shells.dash/841

Steps To Reproduce

Follow above links to see.

Additional Information

Initially marking as private - not earth-shattering, but it's a possible priv. escalation on current systems, please feel free to switch status to public.

Yes, I know we're all running as root anyway, and the attack surface is small, but I'm erring on the side of caution.
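The fix in the report switches the /bin/sh link from dash to bash. As an added example that is not part of the bug report or of Debian's packaging, the POSIX shell check below resolves a /bin/sh link and reports whether that step has been applied; the link path argument and the demo tree are constructed so it can be exercised without touching the real /bin/sh.

```shell
#!/bin/sh
# Added example, not from the bug report: verify which shell a /bin/sh link really runs,
# i.e. whether the "dpkg-reconfigure dash -> No" step from the report has been applied.

# sh_backend LINK: print "dash", "bash" or "other:<name>" for the shell LINK resolves to.
sh_backend() {
    target=$(readlink -f -- "$1") || return 1
    name=$(basename -- "$target")
    case "$name" in
        dash) echo dash ;;
        bash) echo bash ;;
        *)    echo "other:$name" ;;
    esac
}

# check_system_sh [LINK]: exit 0 when LINK (default /bin/sh) runs bash, which drops its
# effective uid to the real uid when started without -p from a set-uid caller; exit 1 when it
# still runs dash (the behaviour the report describes); exit 2 when the target is not executable.
check_system_sh() {
    link=${1:-/bin/sh}
    target=$(readlink -f -- "$link") || return 2
    [ -x "$target" ] || { echo "$link -> $target is not executable"; return 2; }
    backend=$(sh_backend "$link")
    case "$backend" in
        bash) echo "$link -> bash: privilege drop applies to set-uid callers"; return 0 ;;
        dash) echo "$link -> dash: run 'dpkg-reconfigure dash' and answer No to switch to bash"; return 1 ;;
        *)    echo "$link -> $backend: not dash, review manually"; return 1 ;;
    esac
}

# demo_tree: constructed throw-away tree (bin/sh -> dash) so the check can be tried safely;
# prints the tree's root directory.
demo_tree() {
    root=$(mktemp -d) && mkdir -p "$root/bin" && : > "$root/bin/dash" && : > "$root/bin/bash" \
        && chmod +x "$root/bin/dash" "$root/bin/bash" && ln -s dash "$root/bin/sh" \
        && printf '%s\n' "$root"
}
```

Run `check_system_sh` with no argument on a live system to inspect the real /bin/sh; the demo tree exists only so the logic can be tested offline.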

Relationships

related to 0000540 (closed, g0tmi1k): Implement privmode Support in dash

Activities

rhertzog (administrator), 2014-01-10 14:42, note ~0001326

As a first step, I filed two bugs on the Debian BTS against bash and dash:
http://bugs.debian.org/734866
http://bugs.debian.org/734869

Because it seems to me that this issue needs to be solved at the Debian level and not only at the Kali level.

dookie (reporter), 2014-01-10 14:46, note ~0001327

The proposed patches from the mailing list thread can be found here:

https://bugs.kali.org/view.php?id=540

Issue History

Date Modified | Username | Field | Change
2013-08-22 20:50 compuwar New Issue
2014-01-10 14:42 rhertzog Note Added: 0001326
2014-01-10 14:43 rhertzog Priority immediate => normal
2014-01-10 14:43 rhertzog Severity block => feature
2014-01-10 14:46 dookie Note Added: 0001327
2014-01-10 14:47 rhertzog Description Updated
2014-01-10 14:48 rhertzog Relationship added related to 0000540
2014-01-10 14:49 rhertzog View Status private => public
2018-01-29 11:11 g0tmi1k Assigned To => g0tmi1k
2018-01-29 11:11 g0tmi1k Status new => closed
2018-01-29 11:11 g0tmi1k Resolution open => suspended