Does the Shellshock bug affect ZSH

bashshellshockzsh

Does the Shellshock Bash bug affect ZSH?

Is upgrading Bash the only solution?

Best Answer

No, it doesn't affect ZSH.

You still MUST update bash as most of the system scripts are written for bash and vulnerable to the shellshock bug.

To test your ZSH do this:

env x='() { :;}; echo vulnerable' zsh -c 'echo hello'

What exactly does this code do?

env x='() { :;}; echo vulnerable' creates an environment variable with known bug using command in the end of variable
zsh -c 'echo hello' launches ZSH shell with simple hello (and evaluating all env variables including x)

If you see output:

vulnerable
hello

Then your ZSH is vulnerable. Mine (5.0.2) is not:

$ env x='() { :;}; echo vulnerable' zsh -c 'echo hello'
hello

Related Solutions

Is the invisible text bug in bash a bug or a feature

That's only mean than in zsh you cannot do something like:

stty -echo     #turn off echoing what you type
stty echo      #turn on echoing
reset          #reset terminal to the default state

In bash, the above command works as expected - turn off echoing of command. Just tried in zsh - does not work. Who has a bug? ;)

Turning off echoing is possible achieve with ESC sequences, so if your program randomly send binary sequences to terminal, {or when you CTRL-\ some screen oriented program),it behaves sometimes like stty -echo and you must reset it. It is not a bug - simply it is how terminals (and terminal emulators) works.

What is strange, why in zsh stty -echo does not works.

Bash autocomplete like zsh

I use

bind 'TAB:menu-complete'

to achieve it

Best Answer

Related Solutions

Is the invisible text bug in bash a bug or a feature

Bash autocomplete like zsh

Related Question