From owner-freebsd-security@FreeBSD.ORG Thu Oct 2 08:22:15 2014
Date: Thu, 2 Oct 2014 11:14:16 +0300
From: Peter Pentchev
To: gabor@zahemszky.hu
Cc: freebsd-security@freebsd.org
Subject: Re: bash velnerability
Message-ID: <20141002081416.GA2633@straylight.m.ringlet.net>
References: <5425999A.3070405@FreeBSD.org> <5425A548.9090306@FreeBSD.org> <5425D427.8090309@FreeBSD.org> <54298266.1090201@sentex.net> <5429851B.8060500@FreeBSD.org> <542AFC54.9010405@FreeBSD.org> <542B087D.3040903@FreeBSD.org> <915DA264-1022-441B-93DE-229739A861B3@dataix.net>
List-Id: freebsd-security@freebsd.org "Security issues [members-only posting]"
On Wed, Oct 01, 2014 at 06:58:58PM +0200, gabor@zahemszky.hu wrote:
> On 2014-09-30 23:48, Jason Hellenthal wrote:
> > I would agree with that. Considering the korn shell was found out to
> > be importing functions from bash this morning that it does not
> > completely know how to interpret goes to say that there is a much
> > bigger issue at face here than the mere sys admins can begin to fathom
> > quite yet.
>
> Can you provide us links to this Korn-shell problem?

I think that Jason may have been referring to the discussion at:
https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00350.html

It talks about ksh misimporting environment variables in general, not
just Bash functions.

> And which version of Korn-shell are you talking about? Eg. in FreeBSD
> ports, we have at least three different types of ksh:
>
> shells/ksh93 - the original, from AT&T's David Korn
> shells/pdksh - a public domain reimplementation of the old ksh88
> shells/mksh - the MirBSD's Korn-shell (a fork of pdksh)

Well, the test with the following command:

  env 'a|b=1' ksh -c 'set' | fgrep -e 'a|b'

...shows that ksh93 is vulnerable, pdksh and mksh are not.
G'luck,
Peter

-- 
Peter Pentchev  roam@ringlet.net roam@FreeBSD.org p.penchev@storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
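The one-liner in Peter's message tests a single shell for a single behaviour. The script below is added here as an illustration; it is not part of the message above nor code from any of the ksh projects. It generalises the test: it runs the same 'a|b=1' probe against a list of shells, additionally checks whether each shell passes the oddly named string on to its own children via env(1), and adds the widely published exported-function probe for bash that the thread's subject refers to. The default shell list (sh bash ksh ksh93 pdksh mksh dash zsh), the variable name 'a|b' and the MARKER_RAN string are assumptions made for the example; a shell that is not installed is reported as "missing" rather than guessed at.

```sh
#!/bin/sh
# Added example (not from the thread): probe the shells installed on this
# host for three environment-import behaviours.
#   1. Does the shell turn an environment string whose name is not a valid
#      identifier ('a|b=1', as in the test above) into a shell variable?
#   2. Does it keep that string in the environment it hands to children?
#   3. Does it execute trailing code in an exported function definition
#      (the widely published "Shellshock" probe for bash)?
# The shell names below are assumptions; adjust them for your host.

# is_valid_name NAME: succeed if NAME is a portable shell variable name
# (letters, digits, underscore; not empty; not starting with a digit).
is_valid_name() {
    case "$1" in
        '' | [0-9]*)      return 1 ;;   # empty or leading digit
        *[!A-Za-z0-9_]*)  return 1 ;;   # any character outside [A-Za-z0-9_]
        *)                return 0 ;;
    esac
}

# _present SHELL: succeed if SHELL resolves to something executable.
_present() {
    command -v "$1" >/dev/null 2>&1
}

# probe_variable_import SHELL -> imports | rejects | missing
# Start SHELL with 'a|b=1' in its environment and ask it to list its
# variables; a line 'a|b=1' means the name was accepted as a variable.
probe_variable_import() {
    _present "$1" || { echo missing; return 0; }
    if env 'a|b=1' "$1" -c 'set' 2>/dev/null | grep -F -q 'a|b=1'; then
        echo imports
    else
        echo rejects
    fi
}

# probe_env_passthrough SHELL -> passes | drops | missing
# Same setup, but the child runs env(1): does the string survive into the
# environment of the shell's own children?
probe_env_passthrough() {
    _present "$1" || { echo missing; return 0; }
    if env 'a|b=1' "$1" -c 'env' 2>/dev/null | grep -F -q 'a|b=1'; then
        echo passes
    else
        echo drops
    fi
}

# probe_function_import SHELL -> executes | safe | missing
# Export a string shaped like a bash function definition with a command
# appended; a shell that prints the marker ran code it should not have.
probe_function_import() {
    _present "$1" || { echo missing; return 0; }
    out=$(env 'x=() { :;}; echo MARKER_RAN' "$1" -c ':' 2>/dev/null || true)
    case "$out" in
        *MARKER_RAN*) echo executes ;;
        *)            echo safe ;;
    esac
}

# report [SHELL...]: print one line per shell; defaults to a common list.
report() {
    [ $# -gt 0 ] || set -- sh bash ksh ksh93 pdksh mksh dash zsh
    for s in "$@"; do
        printf '%-6s variable:%-8s env:%-7s function:%s\n' "$s" \
            "$(probe_variable_import "$s")" \
            "$(probe_env_passthrough "$s")" \
            "$(probe_function_import "$s")"
    done
}

report "$@"
```

Run it with no arguments for the default list, or name the shells to probe (e.g. `sh probe_shells.sh ksh93 mksh pdksh`). The "variable" and "env" columns are separate on purpose: a shell can refuse to create a variable for 'a|b' yet still forward the string to its children, or drop it entirely, and both facts matter when deciding whether untrusted environment strings (CGI headers, SSH_ORIGINAL_COMMAND and the like) can reach an interpreter further down the process tree.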