Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: BUG: crafting SHELLOPTS and PS4 allows to run arbitrary programs in setuid binaries using system

X-seq: zsh-workers 39461
From: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
To: zsh-workers@xxxxxxx
Subject: Re: BUG: crafting SHELLOPTS and PS4 allows to run arbitrary programs in setuid binaries using system
Date: Tue, 27 Sep 2016 10:28:15 +0100
Cms-type: 201P
In-reply-to: <37737.1474966607@hydra.kiddle.eu>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
Organization: Samsung Cambridge Solution Centre
References: <CALDAOts+rgsuZfABkgVBphvY4CLcUiMLFA4xR0bUXPNxnhcHug@mail.gmail.com> <CGME20160927090431eucas1p234c3e9e8bcf8d59f89b252f77ab02dd0@eucas1p2.samsung.com> <37737.1474966607@hydra.kiddle.eu>

On Tue, 27 Sep 2016 10:56:47 +0200
Oliver Kiddle <okiddle@xxxxxxxxxxx> wrote:
> Zsh also needs the prompt_subst option to enable command substitution in
> PS4. Perhaps there's an argument for not importing PS4 from the
> environment in certain cases anyway but I can't see any security issue.

PROMPT_SUBST is enabled in any sh-style emulation, so that's an issue.

I can't offhand think of any way of turning on XTRACE from the
environment, though.  Note that $_ is already marked PM_DONTIMPORT.

pws

References:
- BUG: crafting SHELLOPTS and PS4 allows to run arbitrary programs in setuid binaries using system
  - From: Mateusz Lenik
- Re: BUG: crafting SHELLOPTS and PS4 allows to run arbitrary programs in setuid binaries using system
  - From: Oliver Kiddle

Messages sorted by: Reverse Date, Date, Thread, Author