Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140930031109.GA14626@gremlin.ru>
Date: Tue, 30 Sep 2014 07:11:09 +0400
From: gremlin@...mlin.ru
To: oss-security@...ts.openwall.com
Subject: Re: Healing the bash fork

On 29-Sep-2014 22:34:20 -0400, Chet Ramey wrote:

 >> What is the motivation to not store executable code (functions)
 >> differently from standard variables?

 > What would you use for such a store, considering the environment
 > is the only portable way to pass this information from one process
 > to another in the general case, and support the current set of
 > use cases?

C.O. to the rescue: temporary file.

If one shell instance needs to pass some functions to another, it
could dump those functions to a temporary file and pass the --load
(or, better, --load-functions) options with a filename parameter.

The functions file name may also be passed through environment, but
that could open another set of security holes (like reading files).


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.