autoconf
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bash security issue


From: Zack Weinberg
Subject: Re: Bash security issue
Date: Fri, 26 Sep 2014 11:42:49 -0400

On Fri, Sep 26, 2014 at 10:36 AM, Eric Blake <address@hidden> wrote:
> On 09/26/2014 08:22 AM, Zack Weinberg wrote:
>>
>> The question in my mind is, is exporting functions a POSIX shell feature?
>> If not, perhaps it should just be scrapped altogether.
>
> Why not read POSIX and find out for yourself?

I would normally, but I am traveling right now and limited to things
that work on my phone.  The Open Group's site is not one of those
things, unfortunately.  Thanks for checking for me.

> export -f is not required by POSIX, so it is a shell extension.  But
> people DO rely on it, so nuking it now would be a backwards incompatible
> break.  I'd still like to keep it, but with a smarter implementation.

Fair enough...

> Other messages on the list have suggested smarter implementations, such
> as using 'BASH_FUNC_foo()=...' instead of 'foo=() {' as the magic for
> doing the export, thus eliminating the collision.

That should help.  I might be a bit more aggressive, e.g.

_BASH_FUNC_<8 random hex chars>_<name>() = body of function

The 8 random hex chars come from something unpredictable but stable in
the filesystem, so even if an attacker can somehow put () in an
environment variable name they can't reasonably generate these names.
(I think 2^-64 is probably improbable enough for this.)

And I'd take the curly braces off the function body, too, to ensure
the original bug can't possibly come back.

> it would be okay if we let /bin/bash continue to import functions
> by default, but have bash invoked as /bin/sh refuse to do imports by
> default.  If the ability to import functions becomes conditional on
> argv[0], then I also suggest that bash have a 'set -o' option or 'shopt'
> setting that can let the user override the default (a way to invoke
> /bin/sh but with function imports, or a way to invoke /bin/bash but with
> no functions).

Sure.

zw



reply via email to

[Prev in Thread] Current Thread [Next in Thread]