Zsh Mailing List Archive
Re: Zsh - Multiple DoS Vulnerabilities
- X-seq: zsh-workers 44304
- From: "Daniel Shahaf" <d.s@xxxxxxxxxxxxxxxxxx>
- To: zsh-workers@xxxxxxx
- Subject: Re: Zsh - Multiple DoS Vulnerabilities
- Date: Wed, 15 May 2019 10:48:23 +0000
- Cc: "David Wells" <bughunters@xxxxxxxxxxx>
- In-reply-to: <CAH+w=7bLsrFOcsPX491x_jNQmorvG3sYT2WaGtR0RciTTxB6pw@mail.gmail.com>
- List-help: <mailto:zsh-workers-help@zsh.org>
- List-id: Zsh Workers List <zsh-workers.zsh.org>
- List-post: <mailto:zsh-workers@zsh.org>
- List-unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
- Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
- References: <CAAOKOsfSAR5aRBvEcyQKRzDCvOgRJdyRvVb9AXMq6d22RaUozQ@mail.gmail.com> <CAH+w=7YSL2eLRWeXaZj09er-v4noxuALxAum5Zj4awLP=7mQRQ@mail.gmail.com> <20190512162149.3fsqupqftmwxrbvd@chaz.gmail.com> <CAAOKOsfq-BDfbD1MD01f-soJdhK=rbvr-1kHubCs9uT4GNhG0g@mail.gmail.com> <20190514181026.u4myftmekdtqkhme@chaz.gmail.com> <54c02a72-cbcf-4036-9a72-7df24c0041d2@www.fastmail.com> <CAH+w=7bLsrFOcsPX491x_jNQmorvG3sYT2WaGtR0RciTTxB6pw@mail.gmail.com>
Bart Schaefer wrote on Tue, 14 May 2019 22:26 +00:00:
> On Tue, May 14, 2019 at 2:39 PM Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx> wrote:
> >
> > I've been trying to come up with counterexamples. What if somebody
> > installed a /etc/zshenv that does, say, 'disable zmodload enable'?
>
> You can bypass /etc/zshenv by, for example, invoking zsh as "sh" and
> then running "emulate -R" and/or otherwise futzing with setopts.
I don't think there's an easy solution here, since sourcing /etc/zshenv
in mid-session could be a can of worms, too.
> So either THAT is a security flaw, or your example isn't one either.
I suppose my example was a security flaw _in the sysadmin's setup_. If someone
wants to make the case that it's a bug in zsh, I'm all ears.
Cheers,
Daniel
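The bypass Bart describes (run the zsh binary under the name "sh", then "emulate -R" back to zsh) can be reproduced without root on a user-level startup file. The script below is an added example, not code from this thread or from the zsh project: it uses $ZDOTDIR/.zshenv as a stand-in for /etc/zshenv, on the assumption that both files are read by the same startup path that zsh skips when invoked as sh; the function name, the temporary directory layout and the 'disable zmodload' restriction are the example's own constructions.

```sh
#!/bin/sh
# Added example, not code from the thread or from the zsh project.
# It reproduces the bypass described above on a user-level startup file:
# $ZDOTDIR/.zshenv stands in for /etc/zshenv (editing the system file needs
# root); both are read by the same startup path, which zsh skips when its
# binary is invoked under the name "sh".  The function name, the temporary
# layout and the "disable zmodload" restriction are this example's own.

# Returns 0 when the restriction holds under the zsh name but is gone under
# the sh name, 77 when no zsh binary is available to probe, 1 otherwise.
probe_zshenv_bypass() {
    zsh_bin=$(command -v zsh 2>/dev/null) || return 77
    tmp=$(mktemp -d) || return 1

    # Constructed stand-in for the sysadmin's "/etc/zshenv that does
    # 'disable zmodload'": remove the zmodload builtin for every shell
    # that reads this file.
    printf 'disable zmodload\n' > "$tmp/.zshenv"

    # The same binary reachable under the name "sh".
    ln -s "$zsh_bin" "$tmp/sh" || { rm -rf "$tmp"; return 1; }

    # 1. Invoked as zsh: .zshenv is sourced, so zmodload is no longer a
    #    builtin and the lookup falls through to "command not found" (127).
    ZDOTDIR="$tmp" "$zsh_bin" -c 'zmodload' >/dev/null 2>&1
    restricted=$?

    # 2. Invoked as sh: the zsh startup files are not read at all; after
    #    "emulate -R zsh" this is a plain zsh session with zmodload intact (0).
    ZDOTDIR="$tmp" "$tmp/sh" -c 'emulate -R zsh; zmodload' >/dev/null 2>&1
    bypassed=$?

    rm -rf "$tmp"
    [ "$restricted" -eq 127 ] && [ "$bypassed" -eq 0 ]
}

rc=0
probe_zshenv_bypass || rc=$?
case $rc in
    0)  echo "restriction from .zshenv is skipped when the binary runs as sh" ;;
    77) echo "zsh is not installed here; nothing to probe" ;;
    *)  echo "unexpected result (status $rc)" ;;
esac
```

One difference between the stand-in and the real file: a user .zshenv is also skipped by "zsh -f" (NO_RCS), whereas /etc/zshenv is still read in that case, so the sh-name invocation is the route that applies to both. Either way the startup file is configuration that the invoking user controls the reading of, which is the point of the message above.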