From: Bart Schaefer
Date: Thu, 09 Oct 2014 18:54:17 -0700
To: "Zsh Hackers' List"
Cc: shawn wilson
Subject: Re: zsh 5.0.7 released
Message-id: <141009185417.ZM29893@torch.brasslantern.com>
References: <20141008193835.5d66c0ad@pws-pc.ntlworld.com> <20141009214806.201e9c0d@pws-pc.ntlworld.com>
List-Id: Zsh Workers List
X-Seq: 33414

On Oct 9, 6:41pm, shawn wilson wrote:
}
} > > > privilege escalation, under some specific and atypical conditions
} > > > where zsh is being invoked in privilege elevation contexts when the
} > > > environment has not been properly sanitized, such as when zsh is
} > > > invoked by sudo on systems where "env_reset" has been disabled.
} > >
} > > Was this security issue in SSH discussed on the list somewhere (I can't
}
} s/SSH/bash/

Did you mean zsh instead of bash?

} > > seem to find other mention of it outside the readme - not even direct
} > > mention in changelog or git log)...?
}
} And I was referring to the zsh readme, changelog, git log.

The paragraph about "privilege escalation" quoted above appears at the
top of the README file.  Change log entry is this:

2014-09-29  Peter Stephenson

	* users/19183: Src/hist.c: handle unlikely error case with
	fdopen() better.

	* 33276: Src/params.c, Src/zsh.h: safer import of numerical
	variables from environment.

The git log is very brief and is the same as the 33276 ChangeLog.

} > I don't know of an ssh issue, but the sudo issue was discussed offline.
} >
} > The original point about sanitising integer imports, however, was
} discussed
} > here.
}
} Huh, I'll look again.

The first mention of the integer import problem on the list is here:

http://www.zsh.org/mla/workers/2014/msg01041.html

-- 
Barton E. Schaefer
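
Added example, not part of the original message and not code from zsh or sudo: a small Python audit that reports the sudoers Defaults scopes in which env_reset is disabled, the condition named in the README paragraph quoted above. The sudoers text is constructed sample input, the function names are made up for this illustration, and included files are not followed.

```python
import re

# Constructed sample sudoers content (not taken from any real system).
SAMPLE_SUDOERS = """\
# constructed example
Defaults env_reset, mail_badpass
Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
Defaults:deploy !env_reset
Defaults@buildhost env_keep += "LANG", \\
    !env_reset
%admin ALL=(ALL) ALL
"""

# "Defaults", an optional scope (:user, @host, >runas, !cmnd), then settings.
DEFAULTS_RE = re.compile(r'^Defaults(?P<scope>[:@>!]\S+)?\s+(?P<body>.+)$')
# A comma that is followed by an even number of double quotes, i.e. unquoted.
UNQUOTED_COMMA = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')


def logical_lines(text):
    """Join backslash-continued lines, then drop blank and comment lines."""
    for raw in re.sub(r'\\\n', ' ', text).splitlines():
        line = raw.strip()
        if line and not line.startswith('#'):
            yield line


def env_reset_state(text):
    """Map each Defaults scope ('' is global) to its final env_reset value."""
    state = {'': True}  # sudo enables env_reset unless told otherwise
    for line in logical_lines(text):
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        scope = m.group('scope') or ''
        body = re.sub(r'\s#.*$', '', m.group('body'))  # trailing comment
        for item in UNQUOTED_COMMA.split(body):
            item = item.strip()
            if item == 'env_reset':
                state[scope] = True       # later entries override earlier ones
            elif re.fullmatch(r'!\s*env_reset', item):
                state[scope] = False
    return state


def scopes_without_env_reset(text):
    """Scopes where the caller's environment reaches the invoked program."""
    return sorted(s or '(global)' for s, on in env_reset_state(text).items() if not on)


if __name__ == '__main__':
    print(scopes_without_env_reset(SAMPLE_SUDOERS))
```
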