Date: Mon, 29 Sep 2014 19:50:52 -0400
From: Chet Ramey <chet.ramey@...e.edu>
To: Eric Blake <eblake@...hat.com>, Tavis Ormandy <taviso@...xchg8b.com>,
        Florian Weimer <fw@...eb.enyo.de>
CC: chet.ramey@...e.edu, Michal Zalewski <lcamtuf@...edump.cx>,
        Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com
Subject: Re: CVE-2014-6271: remote code execution through bash

On 9/27/14, 10:15 PM, Eric Blake wrote:
> Are you 100% sure that posixly_correct is correctly initialized at this
> point in parsing the incoming environment variables, regardless of
> whether you invoked '/bin/sh', 'bash -o posix', or 'POSIXLY_CORRECT=1
> bash'?  

For POSIXLY_CORRECT: yes.  Very early on in main() the shell looks for
POSIXLY_CORRECT and POSIX_PEDANTIC in the environment and sets
posixly_correct to 1 if either one is found.

For bash -o posix: yes.  Options (including long options like --posix)
are parsed well before the environment is read.

For /bin/sh: no.  As documented, the shell enters posix mode after it
reads the startup files.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@...e.edu    http://cnswww.cns.cwru.edu/~chet/
