List-Id: Zsh Workers List
X-Seq: 33230
From: İsmail Dönmez
Date: Wed, 24 Sep 2014 17:55:05 +0300
Subject: Re: zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash
To: Frank Terbeck
Cc: "Zsh Hackers' List"

On Wed, Sep 24, 2014 at 5:54 PM, Frank Terbeck wrote:

> İsmail Dönmez wrote:
> > According to the vulnerability test in
> > https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
> >
> > [~]> echo $ZSH_VERSION
> > 5.0.6
> >
> > [~]> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> > vulnerable
> > this is a test
> >
> > Looks like zsh is vulnerable too.
>
> Does it?
>
> [snip]
> zsh% x='() { :; }; echo vuln' bash -c 'echo test'
> vuln
> test
> zsh% x='() { :; }; echo vuln' zsh -c 'echo test'
> test
> [snap]
>
> Doesn't look like it to me.
>
> Bash has this weird feature, where you can "export functions". I suspect
> that's what's happening here. Zsh doesn't have this feature. Thankfully

Brown paper bag for me not replacing bash with zsh ;)

Thanks and sorry for the noise :)
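
The comparison run by hand in the quoted reply, written as a script (an added example, not part of the original thread): it starts each installed shell as a child with the same kind of crafted variable and reports whether the command after the function body ran, which shows that the result depends on the shell being started, not on the shell the test is typed into. The function names, the marker string and the list of shells are assumptions of this example.

```shell
#!/bin/sh
# Added example: which installed shells run code smuggled in after a
# function definition in an environment variable (CVE-2014-6271)?

# Marker printed only if the child shell executes the trailing command.
# (Constructed value; any string the probe command cannot print will do.)
MARKER=ENV_CODE_RAN

# classify_output OUTPUT [MARKER]
# Prints "imports-env-code" if OUTPUT has a line equal to MARKER,
# otherwise "clean". Works on output captured elsewhere as well.
classify_output() {
    marker=${2:-$MARKER}
    if printf '%s\n' "$1" | grep -Fqx -- "$marker"; then
        echo imports-env-code
    else
        echo clean
    fi
}

# probe_shell SHELL
# Prints "absent" if SHELL is not installed, otherwise the verdict for it.
probe_shell() {
    command -v "$1" >/dev/null 2>&1 || { echo absent; return 0; }
    # Same shape as the test in the thread: the variable is set only in the
    # child's environment, so the child shell is the one being tested.
    out=$(env x="() { :; }; echo $MARKER" "$1" -c 'echo test' 2>/dev/null) || true
    classify_output "$out"
}

# Report on the shells commonly found on a system (list is an assumption).
for candidate in bash zsh dash ksh sh; do
    printf '%-5s %s\n' "$candidate" "$(probe_shell "$candidate")"
done
```
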