Date: Tue, 30 Sep 2014 07:11:09 +0400
From: gremlin@...mlin.ru
To: oss-security@...ts.openwall.com
Subject: Re: Healing the bash fork

On 29-Sep-2014 22:34:20 -0400, Chet Ramey wrote:

 >> What is the motivation to not store executable code (functions)
 >> differently from standard variables?

 > What would you use for such a store, considering the environment
 > is the only portable way to pass this information from one process
 > to another in the general case, and support the current set of
 > use cases?

C.O. to the rescue: temporary file.

If one shell instance needs to pass some functions to another, it
could dump those functions to a temporary file and pass the --load
(or, better, --load-functions) option with a filename parameter.

The functions file name may also be passed through the environment, but
that could open another set of security holes (like reading files).


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin  gremlin  ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
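
The temporary-file approach from the message above, as an added example that is not part of the original post or of bash itself. It uses existing bash features, since bash has no --load-functions option; `run_with_functions` is a hypothetical helper, and the `shfuncs.` file prefix and the `env -i` scrubbing are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example: pass shell functions to a child bash through a private
# temporary file rather than through exported environment variables.
# "declare -f" is a bash builtin, so re-exec under bash if started by sh.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# run_with_functions FUNC... -- COMMAND [ARG...]   (hypothetical helper)
run_with_functions() {
    local -a funcs=()
    local file status=0
    while [ $# -gt 0 ] && [ "$1" != "--" ]; do
        funcs+=("$1"); shift
    done
    # Require at least one function name and a command after "--".
    [ "${#funcs[@]}" -gt 0 ] && [ $# -ge 2 ] || return 2
    shift   # drop the "--" separator

    # mktemp creates the file with mode 0600 under an unpredictable name,
    # so other local users can neither read nor pre-create it.
    file=$(mktemp "${TMPDIR:-/tmp}/shfuncs.XXXXXXXXXX") || return 1

    # declare -f prints the definitions in a form bash can read back;
    # it fails if any requested function does not exist.
    if ! declare -f "${funcs[@]}" > "$file"; then
        rm -f "$file"
        return 1
    fi

    # The file name travels as a positional argument, not as an environment
    # variable. env -i (a choice made for this example) starts the child
    # with an empty environment, so no function definitions, BASH_ENV or
    # other inherited variables reach it.
    env -i PATH="$PATH" bash --noprofile --norc -c \
        'f=$1; shift; . "$f" || exit 1; "$@"' bash "$file" "$@" || status=$?

    rm -f "$file"
    return "$status"
}

# Constructed demo: greet is never exported, yet the child can call it.
greet() { printf 'hello, %s\n' "$1"; }
run_with_functions greet -- greet world
```

The child only ever parses a file that the parent created with owner-only permissions, and the helper returns the child's exit status after removing that file.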
