Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Does the bash bug have a zsh counterpart?

X-seq: zsh-users 19149
From: shawn wilson <ag4ve.us@xxxxxxxxx>
To: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
Subject: Re: Does the bash bug have a zsh counterpart?
Date: Thu, 25 Sep 2014 12:45:13 -0400
Cc: "William G. Scott" <wgscott@xxxxxxxx>, Zsh Users <zsh-users@xxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=4qTbb9MFDuvroiKffs/rmbKxgOlMebeY0h0QK1ZK73U=; b=sbCw2+EpSpKLXWid/YFgY8j6egCIL/7kTzs402MufE9ffuZDVTBtdq8fWfMmjCG3cx LaMkuO/UxfWYC0RxasCV5bhgQ5xNV9ab08qA4k6F9ZPtlBS9WwnYbCt1UY5wF6littmq J4AwfYMoftaRUwn12kmTfYdFJj73TkzsCn+I2LW1Da51kOgltPvdggmYIADntLAokpkA ATEPDRNMOgC/zEV5x67R3wys77vLG8C94HvaH3nEPOi5VLTwyqyK3EkaIVxC3FtdSLWP yjkuV/JE9AcitpZ98TALBeghPxvMNc34snFJaokVVjOmn+uRD/R87z9PGie4g+y18OUT Rz0w==
In-reply-to: <20140925174131.2575e3af@pwslap01u.europe.root.pri>
List-help: <mailto:zsh-users-help@zsh.org>
List-id: Zsh Users List <zsh-users.zsh.org>
List-post: <mailto:zsh-users@zsh.org>
Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
References: <1B204EC0-006C-47D9-80F3-007562954A8D@ucsc.edu> <20140925174131.2575e3af@pwslap01u.europe.root.pri>

On Thu, Sep 25, 2014 at 12:41 PM, Peter Stephenson
<p.stephenson@xxxxxxxxxxx> wrote:
> On Thu, 25 Sep 2014 09:35:01 -0700
> "William G. Scott" <wgscott@xxxxxxxx> wrote:
>> Does any version of zsh have the same issue as bash, reported eg at
>>
>> <http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/>
>
> No, search the zsh-workers archive at www.zsh.org for the last day or
> so.
>
>> I was thinking of temporarily replacing sh and bash on OS X with zsh
>> until a security fix is offered.
>
> If so, make sure you alias it to sh or otherwise cause it to come up in
> POSIX mode.
>
> Dash might be a better bet as it's more widely used for such things.
>

I wouldn't recommend dash as a solution - there might be other hidden
goodies there - see the recent vmware workstation suid issue caused by
dash thinking they were smarter.

References:
- Does the bash bug have a zsh counterpart?
  - From: William G. Scott
- Re: Does the bash bug have a zsh counterpart?
  - From: Peter Stephenson

Messages sorted by: Reverse Date, Date, Thread, Author