[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I think I may have found a possible dos attack vector within bash.
From: |
Stephane Chazelas |
Subject: |
Re: I think I may have found a possible dos attack vector within bash. |
Date: |
Tue, 20 Mar 2012 18:17:30 +0000 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
2012-03-20 16:47:51 +0000, Eamonn Smyth:
> Without sounding alarmist, I can break my machine using bash. I also have a
> fix. I shall be officially releasing the c code this weekend at the
> hackathon london.
[...]
A DOS vector often found is bash *scripts* is when a script
takes user input in a variable and that variable is left
unquoted upon expansion in list contexts.
For instance this CGI script which looks harmless at first
glance:
#! /bin/bash -
q=$QUERYSTRING
printf '%s\r\n' "Content-type: text/plain" ""
if echo $q | grep ...; then
echo "Invalid input"
fi
Try with values of $QUERYSTRING like
/*/*/*/../../../*/*/*/../../../*/*/*/../../../*/*/*
(beware it might cause your computer to crash)
--
Stephane