Using rbash (from bash-2.05b) as login shell in /etc/passwd opens an unrestricted shell. The same bug was reported in Debian several months ago (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=170298). IMO this is a security-relevant bug, at least for systems where the restricted features of bash
- by 'ln -s /bin/bash /bin/rbash' and
- defining /bin/rbash for users in /etc/passwd as shell
should be used. On systems depending on this feature a downgrade to bash-2.05a (which does not show this behaviour) seems recommended.
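Temp workaround, patching coming soon.
--------------- rbash.c -----------------------
#include <unistd.h>

/* Wrapper installed as /bin/rbash: always start bash with -r (restricted). */
int main(int argc, char **argv, char **envp)
{
    char *ARGV[] = { "/bin/bash", "-r", NULL };

    /* Arguments given to the wrapper are dropped; the environment is passed on. */
    return execve("/bin/bash", ARGV, envp);
}
-----------------------------------------------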
rbash support for 2.05(b) would be new functionality for bash on gentoo, and this problem is not serious enough to warrant any type of security advisory imo. However we can add Matthias Eckermann's patch from http://mail.gnu.org/archive/html/bug-bash/2003-01/msg00074.html to bash-2.05b-r7 ~masked as well as a dosym to create a rbash symlink to /bin/bash by default. I've tested here locally and it seems to work great. If no objections pop up in the next day or two I'll be happy to commit this to portage.
Support for restricted bash when invoked from /etc/passwd as /bin/rbash was added to portage. Changing bug status to TEST-REQUEST.
marked stable. changing resolution to FIXED
changing resolution to FIXED again.
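A way to test the behaviour this report describes, as an added example (not from the bug thread, the patch, or the Gentoo ebuild): the script starts a shell under the argv[0] that login uses for a login shell (`-rbash`) as well as the plain name, and checks that `cd` is refused. The function names `probe` and `check_rbash` and the marker strings are made up for this example; it assumes a bash in PATH, used only for `exec -a`.

```shell
#!/bin/sh
# Added example: verify that a shell really is restricted under a given argv[0].
# Assumption: a bash is in PATH; `exec -a NAME` is how argv[0] gets set here.

# probe SHELL_PATH ARGV0
# Runs SHELL_PATH with argv[0]=ARGV0 and asks it to `cd /`, which restricted
# mode must refuse. Returns 0 = restricted, 1 = unrestricted, 2 = cannot run.
probe() {
    p_shell=$1
    p_argv0=$2
    [ -x "$p_shell" ] || return 2
    command -v bash >/dev/null 2>&1 || return 2
    # HOME points nowhere so no per-user startup file influences the result.
    # Redirections stay out here: a restricted shell may not redirect output.
    p_out=$(HOME=/nonexistent bash -c \
        'exec -a "$1" "$2" -c "cd / && echo PROBE_OPEN || echo PROBE_LOCKED"' \
        probe "$p_argv0" "$p_shell" 2>/dev/null </dev/null) || return 2
    case $p_out in
        *PROBE_OPEN*)   return 1 ;;
        *PROBE_LOCKED*) return 0 ;;
        *)              return 2 ;;
    esac
}

# check_rbash SHELL_PATH
# Probes both the plain name and the login form ("-name"); the login form is
# the case this bug report is about. Returns 0 only if both are restricted.
check_rbash() {
    c_name=${1##*/}
    c_status=0
    for c_argv0 in "$c_name" "-$c_name"; do
        c_rc=0
        probe "$1" "$c_argv0" || c_rc=$?
        case $c_rc in
            0) echo "$1 as '$c_argv0': restricted" ;;
            1) echo "$1 as '$c_argv0': NOT restricted"; c_status=1 ;;
            *) echo "$1 as '$c_argv0': could not run"
               [ "$c_status" -eq 0 ] && c_status=2 ;;
        esac
    done
    return "$c_status"
}
```

Run `check_rbash /bin/rbash` after installing the symlink or the wrapper; a non-zero status means at least one invocation form was not restricted.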