[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2014-7169 vs CVE-2014-6271

From: Eric Blake
Subject: Re: CVE-2014-7169 vs CVE-2014-6271
Date: Fri, 26 Sep 2014 15:11:08 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.0

On 09/26/2014 02:57 PM, Alan Wild wrote:
> I want to apologize for adding more confusion to this issue.  My statements
> about CVE-2014-7169 where incorrect and misguided.  This change does not
> remove function exporting but only changes how the function names are
> encoded as variable names.

Actually, Chet's fix for CVE-2014-7169 (patch 26, mentioned here:
http://www.openwall.com/lists/oss-security/2014/09/26/1) does NOT change
how function names are encoded; that is a separate patch (such as this
one that Red Hat is using:
http://www.openwall.com/lists/oss-security/2014/09/25/13).  I'm hoping
that Chet will accept the direction that Red Hat has already decided to
go and issue patch 27 as a result, but that is still under discussion.

But yes, it means that the market is now fragmented - upstream bash and
Red Hat bash currently use DIFFERENT syntax for converting raw exports
into functions.  Please read Red Hat's knowledge base article:

> If it helps reduce the confusion, machines with the older bash releases or
> CVE-2014-6271 would export a function as follows:
> -bash-3.2$ bash -c 'x() { echo "functions still work" "$@"; }; export -f x;
> env | egrep "functions still work"'
> x=() {  echo "functions still work" "$@"
> but after the patch you get

By "the patch", you are here referring to Red Hat's patch, not Chet's.

> -bash-3.2$ bash -c 'x() { echo "functions still work" "$@"; }; export -f x;
> env | egrep "functions still work"'
> BASH_FUNC_x()=() {  echo "functions still work" "$@"

Correct, this is symptomatic of a Red Hat build.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]