From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-33235-mason-zsh=primenet.com.au@zsh.org>
Received: (qmail 17727 invoked by alias); 24 Sep 2014 17:56:07 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List <zsh-workers.zsh.org>
List-Post: <mailto:zsh-workers@zsh.org>
List-Help: <mailto:zsh-workers-help@zsh.org>
X-Seq: 33235
Received: (qmail 26430 invoked from network); 24 Sep 2014 17:56:04 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW autolearn=ham
	version=3.3.2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-type:content-transfer-encoding;
        bh=vR+CqNWx//vQzHKdLFfRRQd1M3sKAZziFXZyE7OS4ws=;
        b=LpwagUQAZ1b0iHHTqgkOl9jGmDdjqhUB6O1zj3DxMYSXmgSMFDK8QEn/ouZIoeNEZI
         2ORnzQkcxUgY1gcW5l8ek1yGS5pIplgbW8iR3c718sqGyDJZ/IgG8WdIMxEVrIRHtP/e
         i3xn87ivJ6MQ5ky8gLWrgZSCevaBmo7+S7O9hQYN1+mK3ISmaQiSidW0dB2q/R9f7EgV
         +JYL64TutG9v5FmN1EE7RGYxXCfH5P9PfXywmEwI3ggGeq5sGcGWGPGO1B+LYDHABiJr
         7qwDCQvlopqHPXQWQUNiWvMaRPSboIdN2RzTAwdHBomvZt50V3bJeTbXelO2Xchlip0b
         5h6Q==
X-Received: by 10.180.96.161 with SMTP id dt1mr32109153wib.1.1411571642720;
 Wed, 24 Sep 2014 08:14:02 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <20140924160119.313cbdcd@pwslap01u.europe.root.pri>
References: <CAJ1KOAjyBjbywavXwa+ejjQD1YjK8eCSGaESYhJxCb1e3KPjFg@mail.gmail.com>
 <87fvfhvzl9.fsf@ft.bewatermyfriend.org> <20140924160119.313cbdcd@pwslap01u.europe.root.pri>
From: =?UTF-8?B?SsOpcsOpbWllIFJvcXVldA==?= <arkanosis@gmail.com>
Date: Wed, 24 Sep 2014 17:13:47 +0200
Message-ID: <CAFOazAOAgf8XAgFgLHWCF9NprdZ1sbzvXiFmEUGgoXSKP3rYww@mail.gmail.com>
Subject: Re: zsh seems to be vulnerable to CVE-2014-6271: remote code
 execution through bash
To: Peter Stephenson <p.stephenson@samsung.com>
Cc: Frank Terbeck <ft@bewatermyfriend.org>, "Zsh Hackers' List" <zsh-workers@zsh.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

2014-09-24 17:01 GMT+02:00 Peter Stephenson <p.stephenson@samsung.com>:
> On Wed, 24 Sep 2014 16:54:10 +0200
> Frank Terbeck <ft@bewatermyfriend.org> wrote:
>> Bash has this weird feature, where you can "export functions". I suspect
>> that's what's happening here. Zsh doesn't have this feature. Thankfully.
>
> I was going to suggest the same.  Can anyone less lazy / busy [pick
> whatever you think] than me confirm for sure?  Be nice to know.

Looks like you're right:

https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00087.html

--=20
J=C3=A9r=C3=A9mie