Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: BUG: crafting SHELLOPTS and PS4 allows to run arbitrary programs in setuid binaries using system
- X-seq: zsh-workers 39467
- From: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
- To: zsh-workers@xxxxxxx
- Subject: Re: BUG: crafting SHELLOPTS and PS4 allows to run arbitrary programs in setuid binaries using system
- Date: Tue, 27 Sep 2016 12:26:19 -0700
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brasslantern-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:date:in-reply-to:comments:references:to:subject :mime-version; bh=ObPu/WNFvYt21eD7tnPJp/cA1mwiwmjTlfYMkGHhBPE=; b=WEuqp6BbbGOqTcFuzR2NR8yrvVDcZ11CL0KMtow0T4K2Ox5lEgp2hMI4huNec9WYMv SAOWjYbvyp3L1gScf31Jnh3w9dgJmkNXIXbUuBPp9gd5B+ltqeejUVXZe6G5xo9QzC6O NV7ZyxbVG6pUQnJXUX0QXT2R/+lES+AEoOraqD9Uu4czykERy1/YU/Ij3B3ZbKOGwYCY rVJnxOwG1/s42khzVEDp5FsbeS69tRT3jjt4efoTf8uNK1BvbU5KeSajjnKVWv8kyqgF 3i88r7jSl1ZOPliPCmJl+DZd+OjODG6rCkpYsKHGQUpk8+5oFwpKVyI7fuEaa0lgXGIi 7h5A==
- In-reply-to: <20160927100221.7d4f744f@pwslap01u.europe.root.pri>
- List-help: <mailto:zsh-workers-help@zsh.org>
- List-id: Zsh Workers List <zsh-workers.zsh.org>
- List-post: <mailto:zsh-workers@zsh.org>
- Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
- References: <CALDAOts+rgsuZfABkgVBphvY4CLcUiMLFA4xR0bUXPNxnhcHug@mail.gmail.com> <CGME20160927075540eucas1p117bb3a8f5edc7b140696f570982f8c03@eucas1p1.samsung.com> <20160927075347.GA500@fujitsu.shahaf.local2> <20160927100221.7d4f744f@pwslap01u.europe.root.pri>
On Sep 27, 10:02am, Peter Stephenson wrote:
} Subject: Re: BUG: crafting SHELLOPTS and PS4 allows to run arbitrary progr
}
} I've attempted to tidy up the logic to the point where I think I
} understand it. Does the test "(!getuid() || !geteuid())" make sense or
} should that be something else?
I don't know of anything else more appropriate.
Messages sorted by:
Reverse Date,
Date,
Thread,
Author