[Pkg-shadow-devel] Bug#620898: Moving bash from essential/required to important
Bálint Réczey
balint at balintreczey.hu
Tue Mar 12 16:45:08 GMT 2019
Hi Dmitry,
Dmitry Bogatov <KAction at debian.org> ezt írta (időpont: 2019. márc.
10., V, 20:13):
>
>
> [2017-01-21 20:54] Balint Reczey <balint at balintreczey.hu>
> > Control: tags -1 confirmed
> >
> > Hi,
> >
> > On Sat, 27 Sep 2014 21:14:46 -0500 Troy Benjegerdes <hozer at hozed.org> wrote:
> > > So can we have a prerm script for bash that sets the root
> > > shell back to /bin/sh, or at least asks the admin if they want
> > > zsh or tcsh, and warns about any other users?
> > >
> > > Any of this stuff of trying to have login figure out the
> > > right shell seems like a new remote exploit in the making.
> >
> > It is too late for making changes related to this bug in Stretch. :-(
> > In the next cycle we will evaluate switching to login implementatiln in
> > util-linux per #833256. This bug may be solved by the switch or later in
> > util-linux.
>
> Hi! What is the current state of bug? There was fine (IMO) proposal,
Only su moved to util-linux due to lack of time. :-(
>
> So can we have a prerm script for bash that sets the root
> shell back to /bin/sh, or at least asks the admin if they want
> zsh or tcsh, and warns about any other users?
>
> but as bash=5.0-2 it did not make its way. What is missing? Should I
> submit patch, implementing this proposal?
I think submitting the patch against bash makes sense, but the timing
is unfortunate again, since the full freeze is about to start.
It bash gets patched after the release we can make it happen for Buster+1.
Cheers,
Balint
More information about the Pkg-shadow-devel
mailing list