Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Zsh - Multiple DoS Vulnerabilities

X-seq: zsh-workers 44302
From: "Daniel Shahaf" <d.s@xxxxxxxxxxxxxxxxxx>
To: "David Wells" <bughunters@xxxxxxxxxxx>
Subject: Re: Zsh - Multiple DoS Vulnerabilities
Date: Tue, 14 May 2019 21:39:06 +0000
Cc: zsh-workers@xxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= daniel.shahaf.name; h=mime-version:message-id:in-reply-to :references:date:from:to:cc:subject:content-type :content-transfer-encoding; s=fm3; bh=TjAZKkyJVBcE63EdYdSDCYzhx6 9A6D75J3LtG4p2jVM=; b=TiGxMdJnGFbPZswNe0MFC1rfMdETH5oUIULnLnEpqW rzDJ/OdU0hly99exV0m3v9m9dZA2/rnnowD4poVN1FEaxN5PvBfK5/fQdcinRbwW PD0SllMHKdjccxBrLzQtuZ7Dj8/l7T6ND3Wj2WIxxAsMh7X5j7s09EPhqTVVIwHc Bp8nH+UMdyl/2fsGQQjm2cGn7kpReFhA4X47njuMxfWAIKuoY89KA068c34LoScd 0Oc42FEhBN9K18AI6jRw8HPOVzY2SWrH3dRyylWrzntSu3vWadYOv8xkoXDtf7qI bEz3xVIptxFZWkUu/jr2L74t8h3GgOEqb8F1ueZ5KO8A==
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=TjAZKkyJVBcE63EdYdSDCYzhx69A6D75J3LtG4p2j VM=; b=PO/6u/wqEpP3QprZduPHE896jJGt31zBeo2JRjLOCo7Nqat257bF9Aj9e 89FC63pX59YYUDuzxK/Do4tbvkvFyn5EyMCqoilk2WOdOIvSjdL3VJKkS33x5Llo l3A0Lz11+Gd9tykBuBT5iOgzdi014Skaq5dW/ckSIkyw/o7Hw5tzUlwW111FDPO9 ms+Er4/Ste2Zxx+4DTmmUSoRlwqCTTJFttW7F+3JpprrrDbuBEgZGS8iYAP6vdzv YMCM6jBvWQ/zSGmOC5quSmht9VZdVgHTQBIVN8nh5l3hFyJdT/URqyfYH5RP45sp xFfo83iIVbiBlW75yI+SE89npDxKA==
In-reply-to: <20190514181026.u4myftmekdtqkhme@chaz.gmail.com>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
List-unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CAAOKOsfSAR5aRBvEcyQKRzDCvOgRJdyRvVb9AXMq6d22RaUozQ@mail.gmail.com> <CAH+w=7YSL2eLRWeXaZj09er-v4noxuALxAum5Zj4awLP=7mQRQ@mail.gmail.com> <20190512162149.3fsqupqftmwxrbvd@chaz.gmail.com> <CAAOKOsfq-BDfbD1MD01f-soJdhK=rbvr-1kHubCs9uT4GNhG0g@mail.gmail.com> <20190514181026.u4myftmekdtqkhme@chaz.gmail.com>

[sorry for double send]

Stephane Chazelas wrote on Tue, 14 May 2019 18:11 +00:00:
> IMO, from a security standpoint, it's not very useful to fuzz
> "code" input provided to zsh, as anyway any "code" allows zsh to
> run any arbitrary command (except for the restricted mode). In
> other words, the "code" is generally not the attacker supplied
> data.

Sounds right.

I've been trying to come up with counterexamples.  What if somebody
installed a /etc/zshenv that does, say, 'disable zmodload enable'?
If that actually prevents zmodload from being run,¹ then a bug that
allows zmodload to be run would be interesting.

Cheers,

Daniel

¹ I'm not sure it does because there might be some other way to run
zmodload — an assignment to $modules, maybe?  (Don't have time to test
this, sorry.)

Follow-Ups:
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Bart Schaefer

References:
- Zsh - Multiple DoS Vulnerabilities
  - From: David Wells
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Bart Schaefer
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Stephane Chazelas
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: David Wells
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Stephane Chazelas

Messages sorted by: Reverse Date, Date, Thread, Author