bug-bash

Re: I think I may have found a possible dos attack vector within bash.


From: dethrophes
Subject: Re: I think I may have found a possible dos attack vector within bash.
Date: Tue, 20 Mar 2012 18:47:17 +0100
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120312 Thunderbird/11.0

On 20.03.2012 17:47, Eamonn Smyth wrote:
Without sounding alarmist, I can break my machine using bash. I also have a
fix. I shall be officially releasing the c code this weekend at the
hackathon london.

As my code following correctly implements the logic the dos attack vector
is negated.

The replacement code

     /*Do openql maths Now*/
     //Exploiting the Fundamental Theorem of Arithmetic
     int i;
     int vcount = 0;

     for (c=0;c<matrixsize;c++){

         for (i=0;i<levels;i++){


             if (gptr[i]->vcount == gptr[i]->Xsize){
                 gptr[i]->vcount = 0;
                 gptr[i]->get++;

             }

             if (gptr[i]->get > (gptr[i]->begin + (gptr[i]->groupsize - 1)))
                 gptr[i]->get = gptr[i]->begin;


             int get = gptr[i]->get;

             printf("%s",lookup[gptr[i]->get]);//This line is writing the machine states on Turing's tape.

             gptr[i]->vcount++;
         }
         if (i == levels)
             printf("\n");
     }
     //printf("End Of Turing Tape.\n");//Realized 19th March 2012  A Few Days before the Hackathon.
}

As the maintainers of bash it should be easy for you using your knowledge
base of bash semantics to implement.

As opposed to me learning bash.

This will constitute my first patch contribution to Linux and GNU.

Cheers.
Eamonn.

Without sounding alarmist, we can all break our machines using bash.
Try "rm -R /*"  ;)
Or, if you can't elevate the privileges, this will still give you a headache:
"rm -R ~/*"  ;)

The trick is breaking somebody else's machine, and even that isn't that big a problem, so you need to be more specific as to how you broke something.

Firstly, what version of bash are you using? Please use bashbug to get the exact information.

Secondly, when you say dos, do you mean a Windows command prompt, or do you actually mean DOS 6.22, dosbox, or a text box? What do you consider dos?

What OS are you on?

What has any of this to do with Linux?

But anyway, bash isn't secure; it can't be because of how it works. The only
context in which it is valid to talk about bash attacks is if by manipulating
the data used by a trusted bash script you can compromise that script, and even
in that case it's unlikely to be a problem in bash but rather a poorly written
bash script.

Saying you've found a bash exploit is like saying you found a C exploit, kinda
a /non sequitur/, because if you wrote the script it has bash privileges
anyway, unless you're talking about having used the -s options?

Or are you just 10ish days early?
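
The distinction drawn in the reply above, between a flaw in bash and a trusted script that mishandles the data it is fed, shown as an added example that is not part of the original post. The function names, setting keys and sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: a "trusted" script loading one KEY=VALUE setting from untrusted data.
# Function names, setting keys and the sample line are constructed for illustration.

# Poorly written: eval re-parses the untrusted line as shell code, so anything
# after the intended assignment runs with the script's privileges.
load_unsafe() {
    eval "$1"
}

# Hardened: treat the line as data. Split on the first '=', accept only
# allow-listed keys, and assign the value without ever re-parsing it.
load_safe() {
    case $1 in
        *=*) ;;
        *) return 1 ;;                 # not KEY=VALUE at all
    esac
    key=${1%%=*}
    value=${1#*=}
    case $key in
        color) SETTING_color=$value ;;
        size)  SETTING_size=$value ;;
        *) return 1 ;;                 # unexpected key (e.g. PATH) is rejected
    esac
}

# Constructed untrusted input: a settings line with a harmless extra assignment.
UNTRUSTED='color=blue; INJECTED=yes'

load_unsafe "$UNTRUSTED"
echo "unsafe: INJECTED=${INJECTED:-unset}"

unset INJECTED
load_safe "$UNTRUSTED"
echo "safe:   INJECTED=${INJECTED:-unset} SETTING_color=$SETTING_color"
```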


