[Bug 1208233] Re: Test relating to solaris may cause execution of arbitrary code

Marc Deslauriers marc.deslauriers at canonical.com
Tue Aug 19 18:37:22 UTC 2014 

*** This bug is a duplicate of bug 1208215 ***
    https://bugs.launchpad.net/bugs/1208215

Sorry, I can't see what the security issue could be.

If you are running it as your own user, only you or root can override
which print gets used. As such, you must trust yourself and you must
trust root. The current directory should never be in the PATH, so that
is not an issue.

In other words, an unprivileged user can't use this flaw to attack
another, so it has no security implication.

As such, I am unmarking it as a security issue, and am going to dupe it
to bug 1208215.


** Information type changed from Private Security to Public

** This bug has been marked a duplicate of bug 1208215
   Test relating to solaris hangs my system

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to autoconf in Ubuntu.
https://bugs.launchpad.net/bugs/1208233

Title:
  Test relating to solaris may cause execution of arbitrary code

Status in “autoconf” package in Ubuntu:
  New

Bug description:
  I already reported this in bug 1208215, but after that while walking
  my dogs I realized the security implications.  Not knowing how to
  withdraw or modify the public bug, I'm submitting this one.

  Line 55 of the /usr/bin/autoconf script attempts to test for the Bash shell thus:
       if test -z "$BASH_VERSION$ZSH_VERSION" \
  This does not work because of the hashbang making my Bash shell act as a Bourne shell, not a bash one, and the string is empty

  Then, thinking it's a Korn shell, the script invokes the builtin
  "print" command on line 56.  But on bash shells its not builtin.  It's
  not builtin on Bourne shells either, if it matters.  Thus, on my
  system, it invoked a script that I wrote.

  Here's the security problem:
  It could have invoked something with that name placed by anyone, perhaps in the current directory, perhaps like me in /usr/local/bin.

  Autoconf is run so frequently with root privileges that I worry about
  this.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: autoconf 2.68-1ubuntu2
  ProcVersionSignature: Ubuntu 3.2.0-49.75-generic-pae 3.2.46
  Uname: Linux 3.2.0-49-generic-pae i686
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu17.3
  Architecture: i386
  Date: Sun Aug  4 11:48:03 2013
  InstallationMedia: Xubuntu 12.04.1 LTS "Precise Pangolin" - Release i386 (20120817.3)
  MarkForUpload: True
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm
   LC_COLLATE=C
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: autoconf
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autoconf/+bug/1208233/+subscriptions

More information about the foundations-bugs mailing list