bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Integer Overflow in braces


From: John McKown
Subject: Re: Integer Overflow in braces
Date: Tue, 18 Aug 2015 07:33:16 -0500

On Mon, Aug 17, 2015 at 6:15 PM, Eric Blake <address@hidden> wrote:
​<snip>

Fix your script to not do stupid things, like trying an insanely-large
brace expansion, or trying an 'eval' (or similar) on untrusted user
input. But don't call it a bash security hole that bash allows you to
write stupid scripts.

​Good point. And, not meaning to be nasty, the "security hole" would be in the head of the person who allowed such a programmer to write mission critical code. 

I will assume that the OP was actually in a "learning" mode while doing unusual things which he knew better than to do, "just to see what happens". Of course, reporting it as a bug wasn't really the right thing to do.

Reminds me of a bug(?) in an online system which, when triggered, would cause the system to update the user's login password with an untypeable character.​ One clever programmer used this bug to "punish" people who ran his program without authorization. 

 

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org




--

Schrodinger's backup: The condition of any backup is unknown until a restore is attempted.

Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.

He's about as useful as a wax frying pan.

10 to the 12th power microphones = 1 Megaphone

Maranatha! <><
John McKown

reply via email to

[Prev in Thread] Current Thread [Next in Thread]