From owner-freebsd-security@FreeBSD.ORG  Wed Oct  1 17:09:07 2014
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4F90CA76
 for <freebsd-security@freebsd.org>; Wed,  1 Oct 2014 17:09:07 +0000 (UTC)
Received: from smtp-4-out.integrity.hu (smtp-4-out.integrity.hu
 [212.52.165.214]) by mx1.freebsd.org (Postfix) with ESMTP id 04B5176E
 for <freebsd-security@freebsd.org>; Wed,  1 Oct 2014 17:09:06 +0000 (UTC)
Received: from webmail.integrity.hu (mail-fe-1.integrity.hu [10.1.64.120])
 by mail-smtp.integrity.hu (Postfix) with ESMTPA id C600A41CC6;
 Wed,  1 Oct 2014 18:58:58 +0200 (CEST)
Received: from zdVoLRd6w40t4UCI2L+C0tI/jsbk7SwFs3NDj+p4OGi+SU9BxByfUw==
 (BdAP7fG/oxFA//PrBoCo1GXlOhMCsTKr) by webmail.integrity.hu
 with HTTP (HTTP/1.1 POST); Wed, 01 Oct 2014 18:58:58 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 8bit
Date: Wed, 01 Oct 2014 18:58:58 +0200
From: gabor@zahemszky.hu
To: <freebsd-security@freebsd.org>
Subject: Re: bash velnerability
In-Reply-To: <915DA264-1022-441B-93DE-229739A861B3@dataix.net>
References: <CAHFU5H5WOnAXuFmfQEGkTvwoECATTCC3eKYE3yts+Bqh1M_8ww@mail.gmail.com>
 <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com>
 <54243F0F.6070904@FreeBSD.org> <54244982.8010002@FreeBSD.org>
 <16EB2C50-FBBA-4797-83B0-FB340A737238@circl.lu>
 <542596E3.3070707@FreeBSD.org>
 <CAHcXP+dx2etYgQPNiAxk2P68Z-4j+bTvdMoHfz+xKsBDKh9Z9g@mail.gmail.com>
 <5425999A.3070405@FreeBSD.org> <5425A548.9090306@FreeBSD.org>
 <5425D427.8090309@FreeBSD.org> <54298266.1090201@sentex.net>
 <5429851B.8060500@FreeBSD.org> <542AFC54.9010405@FreeBSD.org>
 <542B087D.3040903@FreeBSD.org>
 <CC9931CC-6BEA-4416-9546-42D6E49C1129@mac.com>
 <915DA264-1022-441B-93DE-229739A861B3@dataix.net>
Message-ID: <d2efe9857cac3297bfcfa422f19ddcbd@zahemszky.hu>
X-Sender: gabor@zahemszky.hu
User-Agent: Roundcube Webmail/0.8.4
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Oct 2014 17:09:07 -0000

2014-09-30 23:48 időpontban Jason Hellenthal ezt írta:
> I would agree with that. Considering the korn shell was found out to
> be importing functions from bash this morning that it does not
> completely know how to interpret goes to say that there is a much
> bigger issue at face here than the mere sys admins can begin to 
> fathom
> quite yet.

Can you provide us links to this Korn-shell problem? And which
version of Korn-shell are you talking about? Eg. in FreeBSD ports,
we have at least three different type of kshs:

shells/ksh93 - the original, from AT&T's David Korn
shells/pdksh - a public domain reimplementation of the old ksh88
shells/mksh - the MirBSD's Korn-shell (a fork of pdksh)

Thanks,

Gabor < Gabor at Zahemszky dot HU >