bug-bash

Re: Integer Overflow in braces


From: John McKown
Subject: Re: Integer Overflow in braces
Date: Tue, 18 Aug 2015 07:33:16 -0500

On Mon, Aug 17, 2015 at 6:15 PM, Eric Blake <eblake@redhat.com> wrote:
<snip>

> Fix your script to not do stupid things, like trying an insanely-large
> brace expansion, or trying an 'eval' (or similar) on untrusted user
> input. But don't call it a bash security hole that bash allows you to
> write stupid scripts.

Good point. And, not meaning to be nasty, the "security hole" would be in the head of the person who allowed such a programmer to write mission critical code.

I will assume that the OP was actually in a "learning" mode while doing unusual things which he knew better than to do, "just to see what happens". Of course, reporting it as a bug wasn't really the right thing to do.

Reminds me of a bug(?) in an online system which, when triggered, would cause the system to update the user's login password with an untypeable character. One clever programmer used this bug to "punish" people who ran his program without authorization.

 

> --
> Eric Blake   eblake redhat com    +1-919-301-3266
> Libvirt virtualization library http://libvirt.org




--

Schrodinger's backup: The condition of any backup is unknown until a restore is attempted.

Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.

He's about as useful as a wax frying pan.

10 to the 12th power microphones = 1 Megaphone

Maranatha! <><
John McKown
