List-Id: Zsh Workers List
X-Seq: 44301
From: Bart Schaefer
Date: Tue, 14 May 2019 14:38:16 -0700
Subject: Re: Zsh - Multiple DoS Vulnerabilities
To: Daniel Shahaf
Cc: David Wells, "zsh-workers@zsh.org"

On Tue, May 14, 2019 at 2:25 PM Daniel Shahaf wrote:
>
> Stephane Chazelas wrote on Tue, 14 May 2019 18:11 +00:00:
> > IMO, from a security standpoint, it's not very useful to fuzz
> > "code" input provided to zsh, as anyway any "code" allows zsh to
> > run any arbitrary command (except for the restricted mode). In
> > other words, the "code" is generally not the attacker supplied
> > data.
>
> Sounds right. There might be some corner case here

The other interesting case would be one where the zsh code enabled
privilege escalation, i.e., where the coder is the attacker and the
shell is the vector to a different security issue. A zsh script to
exploit ZombieLoad, for example.