From: Frank Terbeck
To: Peter Stephenson
Cc: Zsh Hackers' List
Subject: Re: zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash
Date: Wed, 24 Sep 2014 17:08:43 +0200
Message-ID: <87bnq5vyx0.fsf@ft.bewatermyfriend.org>

Peter Stephenson wrote:
> On Wed, 24 Sep 2014 16:54:10 +0200
> Frank Terbeck wrote:
>> Bash has this weird feature, where you can "export functions". I suspect
>> that's what's happening here. Zsh doesn't have this feature. Thankfully.
>
> I was going to suggest the same. Can anyone less lazy / busy [pick
> whatever you think] than me confirm for sure? Be nice to know.

I just skimmed through the text in the link the OP provided. Here's an
excerpt:

[snip]
Like “real” programming languages, Bash has functions, though in a
somewhat limited implementation, and it is possible to put these bash
functions into environment variables.
This flaw is triggered when extra code is added to the end of these
function definitions (inside the environment variable).
[snap]

So, yeah. Looks like it. :)

Regards, Frank
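
An added example, not part of the original message or of zsh/bash: a heuristic audit that flags environment values which look like exported bash function definitions and carry text after the function body, the condition the excerpt describes. It assumes bash's encoding in which such a value begins with `() {` (a detail not stated in the message); the function names and sample values are constructed for illustration.

```python
import os

# Assumption: bash encodes an exported function as a value starting "() {".
FUNC_PREFIX = "() {"


def trailing_after_function(value):
    """Return the text after the function body, or None if the value is
    not a function definition. Heuristic: tracks quotes and backslash
    escapes and counts braces; it is not a full shell parser."""
    if not value.startswith(FUNC_PREFIX):
        return None
    depth, quote = 0, None
    i = value.index("{")
    while i < len(value):
        ch = value[i]
        if quote == "'":
            if ch == "'":
                quote = None
        elif ch == "\\":
            i += 1  # skip the escaped character
        elif quote == '"':
            if ch == '"':
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return value[i + 1:].strip()
        i += 1
    return ""  # body never closed, so nothing identifiable follows it


def audit(environ):
    """Return {name: trailing_text} for values with text after the body."""
    tails = {n: trailing_after_function(v) for n, v in environ.items()}
    return {n: t for n, t in tails.items() if t}


# Constructed sample environment, not taken from the message.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "greet": "() {  echo 'hi }'\n}",
    "odd": "() { echo hello; }; echo trailing",
}

if __name__ == "__main__":
    for name, tail in audit(dict(os.environ)).items():
        print(f"{name}: text after function body: {tail!r}")
```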