Re: Does bash treat segment fault causing by scripts as security bugs ?
From: Chet Ramey
Subject: Re: Does bash treat segment fault causing by scripts as security bugs ?
Date: Mon, 20 Feb 2017 09:16:57 -0500
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.7.1

On 2/19/17 9:11 PM, kkk K wrote:
> ok, one poc I think should look like this:
> =========================
> #!/bin/bash
> a="1||"
> b=`printf "%.s"$a {1..50000}`"1"
> eval $b
> =========================
> this code will make a segment fault, of course, eval or printf actually is
> not necessary,
> the problem is about the "1 || 1 || .... 1" expression,
> parser in interpreting OR Expressions did not take recursive stack
> overflow into consideration,
> Will you take this as a security bug ?
Why do you consider this a security bug? You overflow the process's stack
in exactly the same way you did before. How does this elevate privilege?
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/
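
An added example, not part of this message or of bash's source: a toy evaluator for a `1||1||...||1` chain, showing how recursion depth follows input length and how a depth cap or an iterative loop keeps the process from exhausting its stack. The grammar, `MAX_DEPTH` and all function names are assumptions made for illustration; it does not model bash's actual parser.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 1000 /* assumed cap, chosen for this example */
enum { EVAL_TOO_DEEP = -1, EVAL_SYNTAX = -2 };

/* or_list := bit [ "||" or_list ]   (toy grammar, operands are 0 or 1)
   One stack frame per operand, so depth grows with input length; the
   guard turns a would-be stack overflow into an error return. */
static int eval_recursive(const char *s, int depth)
{
    if (depth > MAX_DEPTH) return EVAL_TOO_DEEP;
    if (*s != '0' && *s != '1') return EVAL_SYNTAX;
    int left = *s++ - '0';
    if (*s == '\0') return left;
    if (s[0] != '|' || s[1] != '|') return EVAL_SYNTAX;
    int right = eval_recursive(s + 2, depth + 1);
    return right < 0 ? right : (left || right);
}

/* Same grammar as a loop: constant stack use for any chain length. */
static int eval_iterative(const char *s)
{
    for (int result = 0;; s += 2) {
        if (*s != '0' && *s != '1') return EVAL_SYNTAX;
        result |= *s++ - '0';
        if (*s == '\0') return result;
        if (s[0] != '|' || s[1] != '|') return EVAL_SYNTAX;
    }
}

/* Build "1||1||...||1" with n "1||" prefixes (constructed input shaped
   like the quoted script's string) and evaluate it. */
static int eval_chain(size_t n, int use_recursive)
{
    char *buf = malloc(n * 3 + 2);
    if (!buf) return EVAL_SYNTAX;
    for (size_t i = 0; i < n; i++) memcpy(buf + i * 3, "1||", 3);
    memcpy(buf + n * 3, "1", 2); /* final operand plus terminating NUL */
    int r = use_recursive ? eval_recursive(buf, 0) : eval_iterative(buf);
    free(buf);
    return r;
}

int main(void)
{
    printf("recursive: %d, iterative: %d\n",
           eval_chain(50000, 1), eval_chain(50000, 0));
    return 0;
}
```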