FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sudo -- arbitrary command execution

Affected packages
sudo <


VuXML ID 1b725079-9ef6-11da-b410-000e0c2e438a
Discovery 2005-10-25
Entry 2006-02-16

Tavis Ormandy reports:

The bash shell uses the value of the PS4 environment variable (after expansion) as a prefix for commands run in execution trace mode. Execution trace mode (xtrace) is normally set via bash's -x command line option or interactively by running "set -o xtrace". However, it may also be enabled by placing the string "xtrace" in the SHELLOPTS environment variable before bash is started.

A malicious user with sudo access to a shell script that uses bash can use this feature to run arbitrary commands for each line of the script.


Bugtraq ID 15191
CVE Name CVE-2005-2959