* Restricted Mode Vuln
@ 2016-06-16 3:37 Duncan X. Simpson
2016-06-16 8:45 ` Peter Stephenson
0 siblings, 1 reply; 2+ messages in thread
From: Duncan X. Simpson @ 2016-06-16 3:37 UTC (permalink / raw)
To: zsh-workers
[-- Attachment #1: Type: text/plain, Size: 227 bytes --]
Restricted Mode should prevent the user from changing $IFS. One example of
an exploit:
http://linuxshellaccount.blogspot.com/2008/05/restricted-accounts-and-vim-tricks-in.html
Love this shell BTW
--
Duncan X. Simpson, K7DXS
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Restricted Mode Vuln
2016-06-16 3:37 Restricted Mode Vuln Duncan X. Simpson
@ 2016-06-16 8:45 ` Peter Stephenson
0 siblings, 0 replies; 2+ messages in thread
From: Peter Stephenson @ 2016-06-16 8:45 UTC (permalink / raw)
To: zsh-workers
On Thu, 16 Jun 2016 03:37:26 +0000
"Duncan X. Simpson" <virtualdxs@gmail.com> wrote:
> Restricted Mode should prevent the user from changing $IFS. One example of
> an exploit:
> http://linuxshellaccount.blogspot.com/2008/05/restricted-accounts-and-vim-tricks-in.html
Seems fine to me --- the only problem is the usual one that there's no
definitive set of use cases for restricted mode, so we don't know what
people are expecting to be able do with it... I don't think we ever
expect the completion system to work properly in restricted mode, do we?
I would generally expect that any environment involving functions other
than extremely trivial ones can't rely on restricted mode. Comments
welcome.
I've put the restricted parameters in alphabetic order so you can find
them (which I belive is no longer against development policy...).
pws
diff --git a/Doc/Zsh/restricted.yo b/Doc/Zsh/restricted.yo
index b56b50c..6cf9b36 100644
--- a/Doc/Zsh/restricted.yo
+++ b/Doc/Zsh/restricted.yo
@@ -10,11 +10,11 @@ restricted mode:
startitemize()
itemiz(changing directories with the tt(cd) builtin)
-itemiz(changing or unsetting the tt(PATH), tt(path), tt(MODULE_PATH),
-tt(module_path), tt(SHELL), tt(HISTFILE), tt(HISTSIZE), tt(GID), tt(EGID),
-tt(UID), tt(EUID), tt(USERNAME), tt(LD_LIBRARY_PATH),
-tt(LD_AOUT_LIBRARY_PATH), tt(LD_PRELOAD) and tt(LD_AOUT_PRELOAD)
-parameters)
+itemiz(changing or unsetting the tt(EGID), tt(EUID), tt(GID),
+tt(HISTFILE), tt(HISTSIZE), tt(IFS), tt(LD_AOUT_LIBRARY_PATH),
+tt(LD_AOUT_PRELOAD), tt(LD_LIBRARY_PATH), tt(LD_PRELOAD),
+tt(MODULE_PATH), tt(module_path), tt(PATH), tt(path), tt(SHELL),
+tt(UID) and tt(USERNAME) parameters)
itemiz(specifying command names containing tt(/))
itemiz(specifying command pathnames using tt(hash))
itemiz(redirecting output to files)
diff --git a/Src/params.c b/Src/params.c
index ae958ab..e7a7365 100644
--- a/Src/params.c
+++ b/Src/params.c
@@ -284,7 +284,7 @@ IPDEF2("HOME", home_gsu, PM_UNSET),
IPDEF2("TERM", term_gsu, PM_UNSET),
IPDEF2("TERMINFO", terminfo_gsu, PM_UNSET),
IPDEF2("WORDCHARS", wordchars_gsu, 0),
-IPDEF2("IFS", ifs_gsu, PM_DONTIMPORT),
+IPDEF2("IFS", ifs_gsu, PM_DONTIMPORT | PM_RESTRICTED),
IPDEF2("_", underscore_gsu, PM_DONTIMPORT),
IPDEF2("KEYBOARD_HACK", keyboard_hack_gsu, PM_DONTIMPORT),
IPDEF2("0", argzero_gsu, 0),
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-06-16 8:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-16 3:37 Restricted Mode Vuln Duncan X. Simpson
2016-06-16 8:45 ` Peter Stephenson
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).