Date: Sat, 27 Sep 2014 21:39:19 -0400
From: Chet Ramey <chet.ramey@...e.edu>
To: Tavis Ormandy <taviso@...xchg8b.com>, Florian Weimer <fw@...eb.enyo.de>
CC: chet.ramey@...e.edu, Michal Zalewski <lcamtuf@...edump.cx>, Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com, Eric Blake <eblake@...hat.com>
Subject: Re: CVE-2014-6271: remote code execution through bash

On 9/27/14, 2:17 PM, Chet Ramey wrote:
> On 9/27/14, 10:28 AM, Tavis Ormandy wrote:
>
>> It does look bad, but are you sold on the prefix/suffix solution Chet?
>> That will at least mean these are not security issues.
>
> Yes. I have no problems worth mentioning with the exported function
> encoding approach. I have attached patches implementing it that can
> be applied to bash versions from bash-2.05b to bash-4.3. Please take
> a look, make sure they can be applied cleanly, and so on.
>
> There is another discussion worth having before officially releasing
> these, which I will do later today.

OK, here are the more-or-less final versions of the patches for bash-2.05b
through bash-4.3. I made two changes from earlier today: the function export
suffix is now `%%', which is not part of the set of valid variable name
characters but avoids any potential problems with including shell
metacharacters in the name; and this version refuses to import shell
functions whose name contains a slash, for reasons I discussed earlier.

Please let me know if you have any issues with these.
Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@...e.edu    http://cnswww.cns.cwru.edu/~chet/

Attachments:
  funcexport-encode-2.05b.patch (text/x-patch, 5818 bytes)
  funcexport-encode-3.0.patch (text/x-patch, 5822 bytes)
  funcexport-encode-3.1.patch (text/x-patch, 5764 bytes)
  funcexport-encode-3.2.patch (text/x-patch, 5764 bytes)
  funcexport-encode-4.0.patch (text/x-patch, 5764 bytes)
  funcexport-encode-4.1.patch (text/x-patch, 5764 bytes)
  funcexport-encode-4.2.patch (text/x-patch, 5764 bytes)
  funcexport-encode-4.3.patch (text/x-patch, 5990 bytes)
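As an added illustration (not code from the thread or from the bash patches themselves), this Python model contrasts the pre-patch import condition, where any environment value beginning with `() {` became a function, with the encoded-name rule the mail describes (a `%%` suffix, and names containing a slash refused), and lists the environment entries a defender would want to inspect. The `BASH_FUNC_` prefix is an assumption taken from the released patches; the mail itself names only the suffix.

```python
FUNC_PREFIX = "BASH_FUNC_"  # assumed from the released bash patches; the mail names only the suffix
FUNC_SUFFIX = "%%"          # suffix from the mail; '%' is not a valid variable-name character
FUNC_BODY_START = "() {"    # marker bash looks for at the start of an exported function value


def legacy_would_import(name, value):
    """Pre-patch rule: any environment value beginning with '() {' is parsed as a function,
    whatever the variable name, which is what made attacker-controlled CGI headers dangerous."""
    return value.startswith(FUNC_BODY_START)


def patched_function_name(name):
    """Return the function name encoded in NAME under the patched scheme, or None when the
    variable is not a specially encoded export or the decoded name contains a slash."""
    if not (name.startswith(FUNC_PREFIX) and name.endswith(FUNC_SUFFIX)):
        return None
    func = name[len(FUNC_PREFIX):len(name) - len(FUNC_SUFFIX)]
    if not func or "/" in func:
        return None
    return func


def patched_would_import(name, value):
    """Post-patch rule: an encoded name AND a function-shaped value are both required."""
    return patched_function_name(name) is not None and value.startswith(FUNC_BODY_START)


def audit_environment(env):
    """Names the old rule would import but the new rule rejects: the entries worth inspecting,
    since no legitimate function export arrives under an unencoded name."""
    return sorted(n for n, v in env.items()
                  if legacy_would_import(n, v) and not patched_would_import(n, v))


# Constructed sample environment, shaped like what a CGI wrapper builds; not a real capture.
SAMPLE_ENV = {
    "HTTP_USER_AGENT": "() { :; }; echo trailing-command",  # function-shaped value in a plain header
    "BASH_FUNC_greet%%": "() { echo hi; }",                 # legitimately exported function
    "BASH_FUNC_bin/ls%%": "() { echo not-ls; }",            # slash in the decoded name: refused
    "PATH": "/usr/bin:/bin",
}

if __name__ == "__main__":
    for flagged in audit_environment(SAMPLE_ENV):
        print(f"refused by patched import rule: {flagged}")
```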