Re: I think I may have found a possible dos attack vector within bash.

[Stephane Chazelas]

2012-03-20 16:47:51 +0000, Eamonn Smyth:
> Without sounding alarmist, I can break my machine using bash. I also have a
> fix. I shall be officially releasing the c code this weekend at the
> hackathon london.
[...]

A DOS vector often found is bash *scripts* is when a script
takes user input in a variable and that variable is left
unquoted upon expansion in list contexts.

For instance this CGI script which looks harmless at first
glance:

#! /bin/bash -
q=$QUERYSTRING
printf '%s\r\n' "Content-type: text/plain" ""
if echo $q | grep ...; then
  echo "Invalid input"
fi

Try with values of $QUERYSTRING like
/*/*/*/../../../*/*/*/../../../*/*/*/../../../*/*/*

(beware it might cause your computer to crash)

-- 
Stephane