Date: Thu, 2 Oct 2014 11:14:16 +0300
From: Peter Pentchev <roam@ringlet.net>
To: gabor@zahemszky.hu
Cc: freebsd-security@freebsd.org
Subject: Re: bash velnerability
Message-ID: <20141002081416.GA2633@straylight.m.ringlet.net>
In-Reply-To: <d2efe9857cac3297bfcfa422f19ddcbd@zahemszky.hu>
References: <5425999A.3070405@FreeBSD.org> <5425A548.9090306@FreeBSD.org>
    <5425D427.8090309@FreeBSD.org> <54298266.1090201@sentex.net>
    <5429851B.8060500@FreeBSD.org> <542AFC54.9010405@FreeBSD.org>
    <542B087D.3040903@FreeBSD.org> <CC9931CC-6BEA-4416-9546-42D6E49C1129@mac.com>
    <915DA264-1022-441B-93DE-229739A861B3@dataix.net>
    <d2efe9857cac3297bfcfa422f19ddcbd@zahemszky.hu>

On Wed, Oct 01, 2014 at 06:58:58PM +0200, gabor@zahemszky.hu wrote:
> On 2014-09-30 at 23:48, Jason Hellenthal wrote:
> >I would agree with that. Considering the korn shell was found out to
> >be importing functions from bash this morning that it does not
> >completely know how to interpret goes to say that there is a much
> >bigger issue at face here than the mere sys admins can begin to fathom
> >quite yet.
>
> Can you provide us links to this Korn-shell problem?

I think that Jason may have been referring to the discussion at:

https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00350.html

It talks about ksh misimporting environment variables in general, not
just Bash functions.

> And which
> version of Korn-shell are you talking about? Eg. in FreeBSD ports,
> we have at least three different types of kshs:
>
> shells/ksh93 - the original, from AT&T's David Korn
> shells/pdksh - a public domain reimplementation of the old ksh88
> shells/mksh - the MirBSD's Korn-shell (a fork of pdksh)

Well, the test with the following command:

    env 'a|b=1' ksh -c 'set' | fgrep -e 'a|b'

...shows that ksh93 is vulnerable, pdksh and mksh are not.

G'luck,
Peter

--
Peter Pentchev  roam@ringlet.net roam@FreeBSD.org p.penchev@storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
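
The probe from the message above, wrapped so it can be run against several shells in one pass. This is an added example, not part of the original e-mail; the binary names ksh93, ksh and mksh are assumptions about how the three ports install, and check_shell and report are hypothetical helper names.

```shell
#!/bin/sh
# Added example: the message's probe, run per shell.
# check_shell SHELL
#   returns 0 if SHELL lists the malformed name 'a|b' in its 'set' output,
#           1 if it does not,
#           2 if SHELL is not installed.
check_shell() {
    command -v "$1" >/dev/null 2>&1 || return 2
    # Same command as in the message; 'grep -F' is the current spelling of fgrep.
    if env 'a|b=1' "$1" -c 'set' 2>/dev/null | grep -F -q -e 'a|b'; then
        return 0
    fi
    return 1
}

# report SHELL...: print one line per shell.
report() {
    for shell_name in "$@"; do
        rc=0
        check_shell "$shell_name" || rc=$?
        case $rc in
            0) echo "$shell_name: imports the malformed name 'a|b'" ;;
            1) echo "$shell_name: does not import 'a|b'" ;;
            2) echo "$shell_name: not installed, skipped" ;;
        esac
    done
}

# Assumed binary names; pass other shells as arguments to override.
[ "$#" -gt 0 ] || set -- ksh93 ksh mksh
report "$@"
```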