bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Does bash treat segment fault causing by scripts as security bugs ?


From: Chet Ramey
Subject: Re: Does bash treat segment fault causing by scripts as security bugs ?
Date: Mon, 20 Feb 2017 09:16:57 -0500
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.7.1

On 2/19/17 9:11 PM, kkk K wrote:
> okļ¼Œone poc I think should like this:
> =========================
> #!/bin/bash
> a="1||"
> b=`printf "%.s"$a {1..50000}`"1"
> eval $b
> =========================
> this code will make a segment fault, of cource , eval or printf actually is
> not necessary,
> the problem is about the "1 || 1 || .... 1" expression, 
> parser in interpreting  OR Expressions did not take recursive stack
> overflow into condsider,
> Will you take this as a security bug ?

Why do you consider this a security bug?  You overflow the process's stack
in exactly the same way you did before.  How does this elevate privilege?

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/



reply via email to

[Prev in Thread] Current Thread [Next in Thread]