Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash
From: Eric Blake
Subject: Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey)
Date: Fri, 10 Oct 2014 09:04:10 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1
On 10/10/2014 08:55 AM, Stephane Chazelas wrote:
> But I can't see why the content of a variable should be
> interpreted as anything else than an arithmetic expression just
> because it's in an array subscript.
For the record, there are vulnerable shell scripts in the wild that fail
to sanitize their inputs before passing them through arithmetic expansion,
all because MULTIPLE shells (bash, ksh, mksh, zsh) all have the same
semantic decision of performing command substitution as part of
arithmetic expansion. For example:
$ /usr/sbin/fsadm -n resize /dev/sdb '0+x[`id >/dev/tty`]T'
demonstrates that fsadm is vulnerable for trying to do $(($1)) without
sanitizing $1 first.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
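The defensive counterpart to Eric's fsadm example, as an added illustration that is not part of his mail and not taken from fsadm: because the command-substitution behaviour inside $((...)) is shared by all of the listed shells, the script itself has to reject anything but the expected size syntax before the string ever reaches arithmetic expansion. The helper names is_safe_size and size_to_bytes, and the "digits plus optional K/M/G/T suffix" format, are assumptions for this example; they run under bash and POSIX sh.

```shell
#!/bin/sh
# Added example: whitelist-validate an untrusted size argument before it is
# used in $((...)).  is_safe_size / size_to_bytes are hypothetical helpers,
# not fsadm's real parsing.

# Return 0 if $1 is a non-negative decimal integer optionally followed by a
# single unit letter (K, M, G or T), else 1.  The case patterns are a
# whitelist: any other character, including '[', '`', '$' or '(', fails the
# first test, so no expansion of the string can ever take place.
is_safe_size() {
    case "$1" in
        ''|*[!0-9KMGT]*) return 1 ;;   # empty, or a character outside the whitelist
        *[KMGT]?*)       return 1 ;;   # unit letter not in the last position
        [0-9]*)          return 0 ;;   # digits, possibly with one trailing unit
        *)               return 1 ;;   # starts with a unit letter: no number at all
    esac
}

# Convert a validated size string to bytes.  Only after is_safe_size has
# accepted the argument is it handed to arithmetic expansion.
size_to_bytes() {
    is_safe_size "$1" || { printf 'invalid size: %s\n' "$1" >&2; return 1; }
    _num=${1%[KMGT]}            # strip a trailing unit letter, if any
    _unit=${1#"$_num"}          # what was stripped: '' or one of K M G T
    case "$_unit" in
        '') _mult=1 ;;
        K)  _mult=1024 ;;
        M)  _mult=$((1024 * 1024)) ;;
        G)  _mult=$((1024 * 1024 * 1024)) ;;
        T)  _mult=$((1024 * 1024 * 1024 * 1024)) ;;
    esac
    echo $((_num * _mult))
}

# Usage: size_to_bytes "$1"
# Constructed inputs: a benign size and the shape of the input from the mail.
size_to_bytes '10T'
size_to_bytes '0+x[`id >/dev/tty`]T' || echo 'rejected before arithmetic expansion'
```

The whitelist is deliberately the only check: trying to enumerate dangerous characters instead would miss shell-specific constructs such as the array-subscript form in the mail, whereas a pattern that admits only digits and one unit letter leaves nothing for the shell to expand.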