bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Does bash treat segment fault causing by scripts as security bugs ?


From: Pierre Gaston
Subject: Re: Does bash treat segment fault causing by scripts as security bugs ?
Date: Wed, 15 Feb 2017 15:01:49 +0200



On Wed, Feb 15, 2017 at 11:44 AM, kkk K <address@hidden> wrote:
for example,
simple bash recur function call:

======================
#!/bin/bash

function test()
{
test $1
}

test 1
======================

sincerely for your reply


bash has a special variable FUNCNEST to limit the recursion if you want to prevent infinite recursion.

However, this subject has been discussed multiple times, it's easy to write arbitrary code that crashes bash (not to mention the whole machine).
This doesn't necessarily mean that there is a bug in bash, but in your code.

If you can run arbitrary code in a shell (or even if your script doesn't validate its input), your security is already compromised.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]