Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

RE: Re: Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins

X-seq: zsh-workers 54168
From: zeurkous@xxxxxxxxxxxxxxx
To: Oliver Kiddle <opk@xxxxxxx>, Mikael Magnusson <mikachu@xxxxxxxxx>
Cc: cyber security <cs7778503@xxxxxxxxx>, zsh-workers@xxxxxxx
Subject: RE: Re: Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins
Date: Sun, 01 Feb 2026 17:48:53 +0000 (UTC)
Archived-at: <https://zsh.org/workers/54168>
In-reply-to: <62255-1769947817.277408@Fj-1.JoGb.8iVT>
List-id: <zsh-workers.zsh.org>
References: <CAPmip_z18_wQBZ09GG7TEKZ0GsTqQ34iZRvhsMAExOLSCcdQsg@mail.gmail.com> <72787-1769800688.979791@U6Lk.sn9M.AyYc> <CAHYJk3T4W+U3mCzqGB7LUkJp-JuUSiEBNe4hx0e-=zMyZQuPGQ@mail.gmail.com> <62255-1769947817.277408@Fj-1.JoGb.8iVT>

Morning,

On Sun, 01 Feb 2026 13:10:17 +0100, Oliver Kiddle <opk@xxxxxxx> wrote:
> On further deliberation, I think we should just drop the whole
> restricted mode feature. The documentation has carried a warning that
> "the feature may be removed in future" for the past six years.

Yeah, let's lose it. For that kind of isolation, one'd better use
something like chroot(2) (as the manual rightly points out).

Considering the shell a trusted program appears to be a relic of a now
bygone age.

        --zeurkous.

-- 
Friggin' Machines!

Follow-Ups:
- RE: Re: Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins
  - From: zeurkous

References:
- Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins
  - From: cyber security
- Re: Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins
  - From: Oliver Kiddle
- Re: Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins
  - From: Mikael Magnusson
- Re: Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins
  - From: Oliver Kiddle

Messages sorted by: Reverse Date, Date, Thread, Author