Date: Sat, 27 Sep 2014 21:39:19 -0400
From: Chet Ramey <chet.ramey@...e.edu>
To: Tavis Ormandy <taviso@...xchg8b.com>, Florian Weimer <fw@...eb.enyo.de>
CC: chet.ramey@...e.edu, Michal Zalewski <lcamtuf@...edump.cx>,
        Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com,
        Eric Blake <eblake@...hat.com>
Subject: Re: CVE-2014-6271: remote code execution through bash

On 9/27/14, 2:17 PM, Chet Ramey wrote:
> On 9/27/14, 10:28 AM, Tavis Ormandy wrote:
> 
>> It does look bad, but are you sold on the prefix/suffix solution Chet?
>> That will at least mean these are not security issues.
> 
> Yes.  I have no problems worth mentioning with the exported function
> encoding approach.  I have attached patches implementing it that can
> be applied to bash versions from bash-2.05b to bash-4.3.  Please take
> a look, make sure they can be applied cleanly, and so on.
> 
> There is another discussion worth having before officially releasing
> these, which I will do later today.

OK, here are the more-or-less final versions of the patches for bash-2.05b
through bash-4.3.  I made two changes from earlier today: the function
export suffix is now `%%', which is not part of the set of valid variable
name characters but avoids any potential problems with including
shell metacharacters in the name; and this version refuses to import shell
functions whose name contains a slash, for reasons I discussed earlier.

Please let me know if you have any issues with these.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@...e.edu    http://cnswww.cns.cwru.edu/~chet/

View attachment "funcexport-encode-2.05b.patch" of type "text/x-patch" (5818 bytes)

View attachment "funcexport-encode-3.0.patch" of type "text/x-patch" (5822 bytes)

View attachment "funcexport-encode-3.1.patch" of type "text/x-patch" (5764 bytes)

View attachment "funcexport-encode-3.2.patch" of type "text/x-patch" (5764 bytes)

View attachment "funcexport-encode-4.0.patch" of type "text/x-patch" (5764 bytes)

View attachment "funcexport-encode-4.1.patch" of type "text/x-patch" (5764 bytes)

View attachment "funcexport-encode-4.2.patch" of type "text/x-patch" (5764 bytes)

View attachment "funcexport-encode-4.3.patch" of type "text/x-patch" (5990 bytes)
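
The naming rules described in the message above, as an added example that is not part of the original post or of the attached patches: a classifier for NAME=VALUE environment entries that separates encoded function exports from old-style ones and from names containing a slash. The `BASH_FUNC_` prefix and the `() {` value marker are assumptions taken from released bash, not stated in this message; the function names and sample entries are constructed.

```shell
#!/bin/sh
# Added example: classify NAME=VALUE environment entries by how the exported-
# function encoding treats them. Assumptions: the BASH_FUNC_ prefix and the
# "() {" value marker come from released bash, not from this message.

classify_env_entry() {
    entry=$1
    case $entry in
        *=*) ;;
        *) echo plain; return 0 ;;
    esac
    name=${entry%%=*}      # text before the first '='
    value=${entry#*=}      # text after the first '='
    case $value in
        '() {'*) ;;                      # looks like a function definition
        *) echo plain; return 0 ;;
    esac
    case $name in
        BASH_FUNC_*%%)
            fname=${name#BASH_FUNC_}
            fname=${fname%'%%'}
            case $fname in
                '')  echo plain ;;            # empty name: this example's choice
                */*) echo rejected-slash ;;   # names containing a slash are refused
                *)   echo encoded-function ;;
            esac ;;
        *)  echo legacy-function ;;  # old-style NAME=() {...}: no longer imported
    esac
}

# Count entries that only an unpatched shell would treat as functions.
count_legacy() {
    n=0
    for e in "$@"; do
        if [ "$(classify_env_entry "$e")" = legacy-function ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample entries (not taken from the thread).
for e in 'PATH=/usr/bin:/bin' 'HTTP_USER_AGENT=() { :; }' \
         'BASH_FUNC_greet%%=() { echo hi; }' 'BASH_FUNC_/bin/ls%%=() { :; }'; do
    printf '%-18s %s\n' "$(classify_env_entry "$e")" "$e"
done
```

A non-zero result from count_legacy over a service's environment points at variables whose values look like function definitions under ordinary names, which is the case the encoding is meant to stop being imported.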
