Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Zsh - Multiple DoS Vulnerabilities

X-seq: zsh-workers 44301
From: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
To: Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx>
Subject: Re: Zsh - Multiple DoS Vulnerabilities
Date: Tue, 14 May 2019 14:38:16 -0700
Cc: David Wells <bughunters@xxxxxxxxxxx>, "zsh-workers@xxxxxxx" <zsh-workers@xxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brasslantern-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sXRORy1K/uCVZd3Hvu0KzD5aeYEM32uDCbQMO9+JJHQ=; b=d1jCHsS8u0Pr8YrwttK6sqnPRXqAQfspbywx+NjbMbqAV82TQL4igUTjjRKQ3Jlc1h q8sCckpwmE1g2709OujyA0s5xAuCWeIItFL7G1shlbVouo8Qc1/TfCeRlUpSRCSh8cOw 4jlGrH3QGk92Aos7eBO3CN40MUzps7WygcfxgLqlLo3ZTAqXlV/oCK5FWEjB4oRlXSqG L5KXU7CNwwPh6gHP0f1mCfBl3VaS8LIpLLrjwjV9CW1rYOgzNMabZ/x8Ob8c+u07iUAA 643lJAxjpK6fnDyuMNAGYkqk859tyBaWEF16NSjEAU9PDIO8ZtvsmPDQ4gsN0488xyhl Vp8g==
In-reply-to: <0b921306-f67c-4971-b9ea-8657c573c5f1@www.fastmail.com>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
List-unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CAAOKOsfSAR5aRBvEcyQKRzDCvOgRJdyRvVb9AXMq6d22RaUozQ@mail.gmail.com> <CAH+w=7YSL2eLRWeXaZj09er-v4noxuALxAum5Zj4awLP=7mQRQ@mail.gmail.com> <20190512162149.3fsqupqftmwxrbvd@chaz.gmail.com> <CAAOKOsfq-BDfbD1MD01f-soJdhK=rbvr-1kHubCs9uT4GNhG0g@mail.gmail.com> <20190514181026.u4myftmekdtqkhme@chaz.gmail.com> <0b921306-f67c-4971-b9ea-8657c573c5f1@www.fastmail.com>

On Tue, May 14, 2019 at 2:25 PM Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx> wrote:
>
> Stephane Chazelas wrote on Tue, 14 May 2019 18:11 +00:00:
> > IMO, from a security standpoint, it's not very useful to fuzz
> > "code" input provided to zsh, as anyway any "code" allows zsh to
> > run any arbitrary command (except for the restricted mode). In
> > other words, the "code" is generally not the attacker supplied
> > data.
>
> Sounds right.  There might be some corner case here

The other interesting case would be one where the zsh code enabled
privilege escalation, i.e., where the coder is the attacker and the
shell is the vector to a different security issue.  A zsh script to
exploit ZombieLoad, for example.

References:
- Zsh - Multiple DoS Vulnerabilities
  - From: David Wells
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Bart Schaefer
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Stephane Chazelas
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: David Wells
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Stephane Chazelas
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Daniel Shahaf

Messages sorted by: Reverse Date, Date, Thread, Author