oss-sec mailing list archives
Re: Healing the bash fork
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 1 Oct 2014 15:32:28 +0200
On Tue, 30 Sep 2014 19:19:55 -0400 (EDT) David A. Wheeler wrote:
* Approach 1: Florian Weimer's approach. Bash functions to be
exported have a prefix ("BASH_FUNC_") and suffix added. Then, ONLY
environment variables with that prefix and suffix are interpreted
specially. This approach is used by Red Hat, CentOS, Debian, Ubuntu,
and Cygwin (at least), and was later accepted into bash upstream.
The original approach used "()" as the suffix; bash upstream took
this but switched to the "%%" suffix instead, which is a nice
improvement (since "%" is not a shell metacharacter this is less
likely to trigger OTHER problems). I know Cygwin is using the bash
upstream '%%' suffix.
The following indicates there is other prefix and suffix used, that makes these incompatibility issues worse: http://support.apple.com/kb/HT6495 The names of all environment variables that introduce function definitions are required to have a prefix "__BASH_FUNC<" and suffix ">()" to prevent unintended function passing via HTTP headers. -- Tomas Hoger / Red Hat Product Security
Current thread:
- Re: Healing the bash fork, (continued)
- Re: Healing the bash fork Peter Bex (Sep 30)
- Re: Healing the bash fork Michal Zalewski (Sep 30)
- Re: Healing the bash fork Stuart D. Gathman (Oct 01)
- Re: Healing the bash fork Hanno Böck (Oct 01)
- Re: Healing the bash fork Jason Cooper (Oct 01)
- Re: Healing the bash fork Greg KH (Oct 01)
- Re: Healing the bash fork Jason Cooper (Oct 01)
- Re: Healing the bash fork Greg KH (Oct 01)
- Re: Healing the bash fork Loganaden Velvindron (Oct 01)
- Re: Healing the bash fork Colin Mahns (Oct 01)
- Re: Healing the bash fork Jason Cooper (Oct 01)
- Re: Healing the bash fork Florian Weimer (Oct 01)
- Re: Healing the bash fork David A. Wheeler (Oct 02)
- Re: Healing the bash fork David A. Wheeler (Oct 06)