Date: Mon, 29 Sep 2014 12:37:57 +0200
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: Re: Fwd: Non-upstream patches for bash

* Solar Designer <solar@...nwall.com>, 2014-09-27, 19:06:
>Has anyone started reviewing bash for possible other code paths where 
>untrusted input may hit the parser?

I haven't looked at the code, but what makes me nervous is that the parser 
is not locale-agnostic. Here's an example of how it can be exploited:
http://bugs.python.org/issue22187

-- 
Jakub Wilk
