Zsh Mailing List Archive

Re: BUG: crafting SHELLOPTS and PS4 allows to run arbitrary programs in setuid binaries using system



On Tue, Sep 27, 2016 at 10:02:21AM +0100, Peter Stephenson wrote:
> I've attempted to tidy up the logic to the point where I think I
> understand it.  Does the test "(!getuid() || !geteuid())" make sense or
> should that be something else?

I don't see a reason why zsh running as root shouldn't import
these variables. Only when running in a setuid context do possible
security issues arise (ignoring the fact that any setuid program
calling a shell is broken anyway because we will always miss some
env-variable which can be abused).

I think the test should be changed to getuid() != geteuid() or
similar to trigger only in setuid cases.

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
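
The two tests discussed in this message, compared side by side. This is an added example, not part of the original message and not zsh's code. The function names, the constructed uid/gid values, the extension to group IDs and the Linux `AT_SECURE` check are assumptions of this example.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#if defined(__linux__)
#include <sys/auxv.h>
#endif

/* The test quoted in the thread: true whenever either ID is root. */
int root_test(uid_t ruid, uid_t euid)
{
    return !ruid || !euid;
}

/* The test proposed in the reply, extended to group IDs (the gid part is
 * an assumption of this example, not something stated in the thread). */
int setid_test(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Hypothetical helper: should this process distrust its environment? */
int env_untrusted(void)
{
    int untrusted = setid_test(getuid(), geteuid(), getgid(), getegid());
#if defined(__linux__) && defined(AT_SECURE)
    /* Nonzero when the binary was executed set-user-ID, set-group-ID,
     * with file capabilities, or when a security module requests it. */
    untrusted = untrusted || getauxval(AT_SECURE) != 0;
#endif
    return untrusted;
}

int main(void)
{
    /* Constructed (real uid, effective uid) pairs; gids held equal. */
    static const struct { const char *what; uid_t r, e; } cases[] = {
        { "plain root login",         0,    0    },
        { "setuid-root, run by user", 1000, 0    },
        { "setuid to non-root user",  1000, 33   },
        { "ordinary user",            1000, 1000 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-26s root_test=%d setid_test=%d\n", cases[i].what,
               root_test(cases[i].r, cases[i].e),
               setid_test(cases[i].r, cases[i].e, 100, 100));
    printf("this process: env_untrusted=%d\n", env_untrusted());
    return 0;
}
```

The rows where the two tests disagree are the plain root login, which only the root test flags, and the binary that is setuid to a non-root user, which only the ID comparison flags.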



