Enforce that TMOUT is an integer literal to prevent command execution from - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	tb <tb@openbsd.org>	2020-02-21 18:21:23 +0000
committer	tb <tb@openbsd.org>	2020-02-21 18:21:23 +0000
commit	96c62c754df7e3260d67e44cafd133d26ed83d7c (patch)
tree	4c76a292aa3cb30374088d6b20b66890981869f1 /sys/dev/usb/uhub.c
parent	Remove the s2n macro now that it is finally unused. (diff)
download	wireguard-openbsd-96c62c754df7e3260d67e44cafd133d26ed83d7c.tar.xz wireguard-openbsd-96c62c754df7e3260d67e44cafd133d26ed83d7c.zip

Enforce that TMOUT is an integer literal to prevent command execution from

the environment at shell initialization time. During startup, ksh calls 'eval typeset -i TMOUT="${TMOUT:-0}"'. which allows command injection via arithmetic expansion, e.g., by setting TMOUT to 'x[`/bin/echo Hi >&2`]'. Problem noted by Andras Farkas and tj, inspired by a similar issue in AT&T's ksh. Tested in snaps for two weeks. "go for it" deraadt

Diffstat (limited to 'sys/dev/usb/uhub.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: