A Bash Script Vulnerability and Solution

  • Bash reads and executes the commands in a script one by one, as if they came from terminal input (unless you group them in curly brackets), so a script can be edited while it is running, and Bash executes the edited content.

  • If a script is executed with sudo by an admin and is writable by the admin (or a group, or anyone), it is also writable, without requiring root permissions, by any other running process that belongs to whoever has write access.

  • This means that a malicious process without root permissions can patiently wait until the sys admin runs one of his/her own scripts that is writable by the sys admin, and edit it while it is running to gain root access. (This means a sys admin can't be confident that a script he/she vetted or wrote will do what it is supposed to unless he/she makes it completely write protected before execution.)

  • Temporarily revoking write access is a solution that protects against this; however, killing the process will prevent it from reinstating write access. (That can be annoying, but a sys admin who has the right to run the script with sudo should also be able to make it writable again. Either way, I'd rather get annoyed than rooted because of negligence.)

  • I reported this to [email protected]. I got several answers downplaying the severity, emphasizing the inadequacy or possible side effects of raised solutions, shifting responsibility, etc., until the conversation about it died out. It does not look like it's gonna be fixed any time soon, so I decided to put this up on GitHub in an attempt to raise awareness and offer an individual workaround for those who don't wanna fall for this.

https://github.com/RPBCACUEAIIBH/Bash-Script-Vulnerability-And-Solution
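One way to apply the "temporarily revoke write access" workaround described above, as an added example that is not the code from the linked repository. The function names `write_classes` and `with_write_revoked` are hypothetical, and the sketch assumes a POSIX shell with standard `ls`, `cut` and `chmod`.

```bash
#!/bin/sh
# Added example: hold a script write-protected for as long as a command runs.

# Print the classes (u, g, o) that hold the write bit on FILE, e.g. "ug".
write_classes() (
    perms=$(ls -ld -- "$1" | cut -c1-10) || exit 1
    classes=""
    case "$perms" in ??w*)        classes="${classes}u" ;; esac
    case "$perms" in ?????w*)     classes="${classes}g" ;; esac
    case "$perms" in ????????w*)  classes="${classes}o" ;; esac
    printf '%s' "$classes"
)

# with_write_revoked FILE COMMAND [ARGS...]
# Remove every write bit from FILE, run COMMAND, then restore only the write
# bits FILE had before. If this wrapper is killed mid-run the file stays
# read-only, which is the trade-off the text accepts.
# Limitation: the file's owner can set the write bit again, so a root-owned
# script is the stronger control where that is possible.
with_write_revoked() {
    _wr_file=$1
    shift
    _wr_saved=$(write_classes "$_wr_file") || return 1
    chmod a-w -- "$_wr_file" || return 1
    # Verify the mode change took effect before anything privileged runs.
    if [ -n "$(write_classes "$_wr_file")" ]; then
        echo "refusing to run: $_wr_file is still writable" >&2
        return 1
    fi
    "$@"
    _wr_status=$?
    if [ -n "$_wr_saved" ]; then
        chmod "${_wr_saved}+w" -- "$_wr_file"
    fi
    return "$_wr_status"
}
```

In the scenario from the text the call would be `with_write_revoked ./script.sh sudo ./script.sh`, where `./script.sh` stands for the admin's own script.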