Re: Security hole in history handling for root

[Peter Stephenson <pws@xxxxxxx>]

Richard Hartmann wrote:
> On Wed, Jan 21, 2009 at 18:18, Peter Stephenson <pws@xxxxxxx> wrote:
> 
> > If I can be convinced there is something specific in this case, as
> > opposed to a general security hole that needs much more thinking about,
> > it can be dealt with, but I haven't seen why yet.
> 
> In that case, don't bother. As the RC files are checked, I assumed you
> wanted to get a report for everything which goes in that direction.

The only files checked are the completion ones.  I think the feeling
there was that with a sprawling and unfamiliar system where the test
could easily be added at the function level it was worthwhile.  I am not
aware of any security tests for any files used by the main shell.

Obviously a shell is powerful enough that you can dig a huge hole for
yourself; I'm interested in clearing up zsh-specific things where we've
let users in for some new form of attack, but not for solving the
general problem of shell security, which needs to be done by security
experts.

> Would it help you or anyone if there was a bug tracker? SF.net offers
> one or I could set one up, if you want me to.

It would help a great deal if someone *maintained* the SF bug tracker.
This is quite a big job in its own right.  Obviously this would involve
following the lists pretty closely and soliciting opinions, but it
wouldn't need any programming knowledge.  We could probably limit its
use to things that didn't get fixed within a day or so, since there's
often quite a lot of turnover.

-- 
Peter Stephenson <pws@xxxxxxx>                  Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK                          Tel: +44 (0)1223 692070