Date: Mon, 29 Sep 2014 19:50:52 -0400
From: Chet Ramey <chet.ramey@...e.edu>
To: Eric Blake <eblake@...hat.com>, Tavis Ormandy <taviso@...xchg8b.com>, Florian Weimer <fw@...eb.enyo.de>
CC: chet.ramey@...e.edu, Michal Zalewski <lcamtuf@...edump.cx>, Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com
Subject: Re: CVE-2014-6271: remote code execution through bash

On 9/27/14, 10:15 PM, Eric Blake wrote:
>
> Are you 100% sure that posixly_correct is correctly initialized at this
> point in parsing the incoming environment variables, regardless of
> whether you invoked '/bin/sh', 'bash -o posix', or 'POSIXLY_CORRECT=1
> bash'?

For POSIXLY_CORRECT: yes. Very early on in main() the shell looks for
POSIXLY_CORRECT and POSIX_PEDANTIC in the environment and sets
posixly_correct to 1 if either one is found.

For bash -o posix: yes. Options (including long options like --posix)
are parsed well before the environment is read.

For /bin/sh: no. As documented, the shell enters posix mode after it
reads the startup files.

Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@...e.edu http://cnswww.cns.cwru.edu/~chet/