bug-bash
Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash


From: Eric Blake
Subject: Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey)
Date: Fri, 10 Oct 2014 09:04:10 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1

On 10/10/2014 08:55 AM, Stephane Chazelas wrote:

> But I can't see why the content of a variable should be
> interpreted as anything else than an arithmetic expression just
> because it's in an array subscript.

For the record, there are vulnerable shell scripts in the wild that fail
to sanitize their inputs before passing them through arithmetic expansion,
all because MULTIPLE shells (bash, ksh, mksh, zsh) all have the same
semantic decision of performing command substitution as part of
arithmetic expansion.  For example:

$ /usr/sbin/fsadm -n resize /dev/sdb '0+x[`id >/dev/tty`]T'

demonstrates that fsadm is vulnerable for trying to do $(($1)) without
sanitizing $1 first.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
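
The mitigation implied by the message, checking an argument before it reaches `$(( ))`, is sketched here as an added example; it is not code from the message, from fsadm or from any shell project. The helper names `is_uint` and `safe_kib_to_bytes` and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate an untrusted size argument BEFORE arithmetic expansion.
# The unsafe pattern named in the message is:  $(($1))
# is_uint and safe_kib_to_bytes are hypothetical helper names.

# Succeed only if $1 is a non-empty string of decimal digits.
# Pattern matching compares the text; it never evaluates it.
is_uint() {
    case $1 in
        '' | *[!0-9]*) return 1 ;;
    esac
    return 0
}

# Print $1 KiB as bytes, or return 2 without ever evaluating a bad $1.
safe_kib_to_bytes() {
    if ! is_uint "$1"; then
        printf 'refused non-numeric size: %s\n' "$1" >&2
        return 2
    fi
    n=$1
    # Drop leading zeros so the value is not parsed as octal.
    while [ "${#n}" -gt 1 ] && [ "${n#0}" != "$n" ]; do
        n=${n#0}
    done
    # Bound the length so the product stays inside a signed 64-bit integer.
    if [ "${#n}" -gt 15 ]; then
        printf 'refused out-of-range size: %s\n' "$n" >&2
        return 2
    fi
    # Only digits can reach this point, so there is nothing left to expand.
    echo "$(( $n * 1024 ))"
}

# Constructed sample inputs; the last two are expressions, not numbers.
for arg in 4 0010 '1+1' 'x[$(echo hi)]'; do
    safe_kib_to_bytes "$arg" || echo "  -> rejected"
done
```

The check is an allow-list on the whole string rather than a block-list of shell metacharacters, so subscripts, operators and variable names are all refused the same way.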
