Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins

X-seq: zsh-workers 54183
From: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
To: zsh-workers@xxxxxxx
Subject: Re: Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins
Date: Wed, 11 Feb 2026 10:06:16 -0800
Arc-authentication-results: i=1; mx.google.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=HsBq9UFz8Me+eqeAB7O24006jdEopXm8GV5x826Y590=; fh=SbTlPuNNxBzTkRlwWtqw/TXBY0HvGvtE97RpPp3sJPM=; b=AN4t30c2831Pv0jKYi10l/IMQ7X4eWSTeSvfhJPahtKjADS6eEnRS16n18OGQ7Y+L9 ISU3dNIcXIVKoFznO7qEfcnJGaQUNA6XXc6862pZcAiYDHu5kSYrZ3w/tOt6f/kbCSYw IvQorN7K6i6hgi/DW/8sIfVlf1TMjbuARUkcz8jTBWfyhaB+i7Rgi9wPUysRpdIqgmcc 8bpzdie+g8PhEG7fGWvPbIzXDGvl/aPv04bQpprfwDyLIaL3bTz8ZD7ZeMr15TzbMfY9 j3140tevC6x9fz04ESZOQM5M2tyHGXzwA+jQJRlWGxtZ6l1b/U5MCU5x7xrGAsyhiU8w O5ug==; darn=zsh.org
Arc-seal: i=1; a=rsa-sha256; t=1770833188; cv=none; d=google.com; s=arc-20240605; b=V/B24D9Esel4hZckZJ/NFFUNzmvEYHdg3pjfVFU7dbh7froS85e6C5wbPFHz5GQ9NR od8xgXC4+2fVM5P0gr2jUlxb7iFY2HrGDOwbV/JO+CxQFdQSQLetH2vtdSQ8zDx534zo at3LD+HQb1pfHJrBAj+J3fuAsCyEqhUW1aak+ciNY1ch3Dv/scIkX/9GBSAFIcZLE6eP qijHojoL6X7UaEAcivOWd2SwC6sgLV89BWt79I0xBj8Yf56CFqmDXG/QzOdKUVgwKPru ohaX9/g6k5ollRyfFVTei8T2gh81/qJGJ+UJJMhB/iVefbpBJ51xND4W8kgbPmRhosPG TQ4g==
Archived-at: <https://zsh.org/workers/54183>
In-reply-to: <59616-1770769280.438132@XTM7.n7uI.5s3U>
List-id: <zsh-workers.zsh.org>
References: <CAPmip_z18_wQBZ09GG7TEKZ0GsTqQ34iZRvhsMAExOLSCcdQsg@mail.gmail.com> <72787-1769800688.979791@U6Lk.sn9M.AyYc> <CAHYJk3T4W+U3mCzqGB7LUkJp-JuUSiEBNe4hx0e-=zMyZQuPGQ@mail.gmail.com> <62255-1769947817.277408@Fj-1.JoGb.8iVT> <59616-1770769280.438132@XTM7.n7uI.5s3U>

On Tue, Feb 10, 2026 at 4:23 PM Oliver Kiddle <opk@xxxxxxx> wrote:
>
> On 1 Feb, I wrote:
> > On further deliberation, I think we should just drop the whole
> > restricted mode feature. The documentation has carried a warning that
> > "the feature may be removed in future" for the past six years.
>
> Nobody argued for a reprieve so a patch to get rid of it follows.

The only reason I could think of to keep it is for "accident
prevention" -- not real security, just a sort of universal "setopt
noclobber".

References:
- Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins
  - From: cyber security
- Re: Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins
  - From: Oliver Kiddle
- Re: Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins
  - From: Mikael Magnusson
- Re: Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins
  - From: Oliver Kiddle
- Re: Security issue in Zsh restricted mode (zsh -r) – escape via history built‑ins
  - From: Oliver Kiddle

Messages sorted by: Reverse Date, Date, Thread, Author