bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Does bash treat segment fault causing by scripts as security bugs ?


From: kkk K
Subject: Re: Does bash treat segment fault causing by scripts as security bugs ?
Date: Mon, 20 Feb 2017 10:11:20 +0800

ok,one poc I think should like this:
=========================
#!/bin/bash
a="1||"
b=`printf "%.s"$a {1..50000}`"1"
eval $b
=========================
this code will make a segment fault, of cource , eval or printf actually is not necessary,
the problem is about the "1 || 1 || .... 1" _expression_, 
parser in interpreting  OR Expressions did not take recursive stack overflow into condsider,
Will you take this as a security bug ?

Regards





2017-02-15 23:27 GMT+08:00 Chet Ramey <address@hidden>:
On 2/15/17 9:45 AM, Pierre Gaston wrote:
> I'm re-adding the list.
>
> On Wed, Feb 15, 2017 at 4:34 PM, kkk K <address@hidden
> <mailto:address@hidden>> wrote:
>
>     What If I find a bug bypassing the FUNCNEST limitation ?
>     I mean I found a bug which about some paser logic in bash,
>     finially It will crash bash, And FUNCNEST cannot stop it from crashing
>     bash.
>
>
> I think you should feel free to submit your bug report, since the number of
> reports is low, false reports are not a problem and you may have a genuine bug.

Yes.  If you think you have found a bug, please report it.  If it's not
a bug, we'll tell you; there's no problem.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/


reply via email to

[Prev in Thread] Current Thread [Next in Thread]