author Kaz Kylheku <kaz@kylheku.com> 2022-07-30 11:56:19 -0700
committer Kaz Kylheku <kaz@kylheku.com> 2022-07-30 11:56:19 -0700
commit aa35108d6f77f56627c0561e4b48361ac298e123
tree 5cc5c35789a631ec2f717da3c4802647a0cd14c0 /testsp.c
parent 2f865fd3e2cd871387de67394013b1137142357c
Ban file symlinks under /proc for all users.

Travis Ormandy informs of an attack via /proc/<pid>/fd/<n> involving an unlinked file. When the fd link refers to a file "/path/to/foo", that file can be unlinked. The link then spontaneously changes to "/path/to/foo (deleted)". A user who doesn't have permissions to /proc/<pid>/fd can perpetrate this deletion via unlink, relying on their permission to unlink /path/to/foo, which is an unrelated path.

* safepath.c (abs_path_check): Do not call geteuid(); perform the check unconditionally, regardless of the effective ID of the caller.

This change means that safepath_check does not trust paths generated by Bash process substitution on Linux, even for non-root users. Bash should be built to use named FIFOs, even on Linux, and avoid the dangerous /dev/fd -> /proc/self/fd mechanism.
Diffstat (limited to 'testsp.c')
0 files changed, 0 insertions, 0 deletions
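The link behaviour described in the commit message can be observed on a descriptor the process itself owns. The following is an added example, not part of the safepath source; it is Linux-only, assumes /proc is mounted and /tmp is writable, and the function names and temporary file name are made up for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read the target of /proc/self/fd/<fd> into buf; returns 0 on success. */
static int fd_link_target(int fd, char *buf, size_t size)
{
    char link[64];
    ssize_t n;

    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    n = readlink(link, buf, size - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';                 /* readlink does not terminate the string */
    return 0;
}

/* Returns 1 if unlinking the file behind an open descriptor rewrote the
   /proc fd link to "<old target> (deleted)", 0 if it did not, -1 on error.
   The link text changed although nothing under /proc was written to. */
int fd_link_changes_on_unlink(void)
{
    char tmpl[] = "/tmp/fdlink-demo-XXXXXX";    /* constructed sample path */
    char before[PATH_MAX], after[PATH_MAX], expect[PATH_MAX + 16];
    int fd = mkstemp(tmpl), rc = -1;

    if (fd < 0)
        return -1;
    if (fd_link_target(fd, before, sizeof before) == 0 &&
        unlink(tmpl) == 0 &&
        fd_link_target(fd, after, sizeof after) == 0) {
        snprintf(expect, sizeof expect, "%s (deleted)", before);
        printf("before unlink: %s\nafter unlink:  %s\n", before, after);
        rc = strcmp(after, expect) == 0;
    }
    close(fd);
    return rc;
}

int main(void)
{
    return fd_link_changes_on_unlink() == 1 ? 0 : 1;
}
```

The second readlink result is the reason a path check cannot treat an fd link under /proc as a stable name: its text depends on who can unlink the target, not on who can write to /proc/<pid>/fd.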