Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: BUG: crafting SHELLOPTS and PS4 allows to run arbitrary programs in setuid binaries using system
- X-seq: zsh-workers 39484
- From: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
- To: zsh-workers@xxxxxxx
- Subject: Re: BUG: crafting SHELLOPTS and PS4 allows to run arbitrary programs in setuid binaries using system
- Date: Wed, 28 Sep 2016 12:04:34 -0700
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brasslantern-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:date:in-reply-to:comments:references:to:subject :mime-version; bh=LcGoh0vejWzJtIoWEoIVqQk4isBwpRuie7yMvHRUgHI=; b=ixexsPAwP8c0VgX/KPOgkMIUuzpPRJlbS5FPwVi8GbqQtKkPykNprsHokTqzJMpA+H 72pJ6irTYhs664Z++4mhlNAzj0Un9zYbKRDLudGtbukEbMvc2D1CeaHQ8PCzDjAAnVuh vbATN4G1MeFHk4kqZzN/BFyvAC8hca2y8D2tXyrjCa7ycM3hdOjVxWHSy2BnUC97bFF9 reMgLKqTwGN0kWCQEQk5polfWjcdWvjlhTNEJyb26nHCKiPLoo0IaYEN4GOC8PcruBzc inftvCvUAqwySh9hgZVS1nIsIZ/ufM6yoH609xlHtZl9lyTR3qRQmFlsbmvFpy7Q0bAc 1K6Q==
- In-reply-to: <20160928103706.elmurtrr4pc5e2kw@ruderich.org>
- List-help: <mailto:zsh-workers-help@zsh.org>
- List-id: Zsh Workers List <zsh-workers.zsh.org>
- List-post: <mailto:zsh-workers@zsh.org>
- Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
- References: <CALDAOts+rgsuZfABkgVBphvY4CLcUiMLFA4xR0bUXPNxnhcHug@mail.gmail.com> <CGME20160927075540eucas1p117bb3a8f5edc7b140696f570982f8c03@eucas1p1.samsung.com> <20160927075347.GA500@fujitsu.shahaf.local2> <20160927100221.7d4f744f@pwslap01u.europe.root.pri> <20160928103706.elmurtrr4pc5e2kw@ruderich.org>
On Sep 28, 12:37pm, Simon Ruderich wrote:
}
} I think the test should be changed to getuid() != geteuid() or
} similar to trigger only in setuid cases.
Upon consideration, I agree.
Messages sorted by:
Reverse Date,
Date,
Thread,
Author