Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Security hole in history handling for root

X-seq: zsh-workers 26399
From: Richard Hartmann <richih.mailinglist@xxxxxxxxx>
To: Peter Stephenson <pws@xxxxxxx>
Subject: Re: Security hole in history handling for root
Date: Wed, 21 Jan 2009 18:54:54 +0100
Cc: Zsh Workers <zsh-workers@xxxxxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=tNacGkmef6erOzAdfUOwcBdPvcAGZVd/L+0SlSvYbcw=; b=CcYUx2+2s3t0OaF/JrQ5yGGXsPZF0t29jWGtJj8/1h9iwR3F0uQI1bsmNzrIOCL3Gi K0JlNJ+fvVk7A1N+frRv0oz/vyiBAvA+sfjL19AsudCYQmXTL/PtbodccuRI5mrNMlMv HmOoP6OQUTPJ828LKF/skfP0QF+f6T05DRs+A=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=F59w2nOHE2OsquqKh9UxTLmH0wv7IyQcGs0312OiP2wtjTUYvfb2lSv2WEEvP9Om1Y 6B/xM09eky5DiDcME4ieBOxUXDorLEBBf//Ir5maMGGb2r5KWztHOP/bjWqbCLHe8i9j IFAx2gPxBeRJwCtBhqak7wXfvwl4c/PrwNOU0=
In-reply-to: <200901211718.n0LHIj0S010726@xxxxxxxxxxxxxx>
Mailing-list: contact zsh-workers-help@xxxxxxxxxx; run by ezmlm
References: <2d460de70901010632q3f2c1156x36a8d1e8a4445dd4@xxxxxxxxxxxxxx> <2d460de70901210854w1c68e79lbf0847b700822eff@xxxxxxxxxxxxxx> <200901211718.n0LHIj0S010726@xxxxxxxxxxxxxx>

On Wed, Jan 21, 2009 at 18:18, Peter Stephenson <pws@xxxxxxx> wrote:

> If I can be convinced there is something specific in this case, as
> opposed to a general security hole that needs much more thinking about,
> it can be dealt with, but I haven't seen why yet.

In that case, don't bother. As the RC files are checked, I assumed you
wanted to get a report for everything which goes in that direction.

> (By the way, I realise Bart suggested you repost things, but the net
> effect is likely to be that I increase my threshold below which I ignore
> things even further.  If all these sorts of things are to be tackled we
> NEED repeat NEED repeat NEED more people to work on bug fixes.)

Would if I could, but I am not firm enough in C to be of any deeper
help. sorry.

Would it help you or anyone if there was a bug tracker? SF.net offers
one or I could set one up, if you want me to.

Richard

Follow-Ups:
- Re: Security hole in history handling for root
  - From: Peter Stephenson

References:
- Security hole in history handling for root
  - From: Richard Hartmann
- Re: Security hole in history handling for root
  - From: Richard Hartmann
- Re: Security hole in history handling for root
  - From: Peter Stephenson

Messages sorted by: Reverse Date, Date, Thread, Author