Vulnerability Development mailing list archives

Re: possible su local D.o.S

From: Flavio Veloso <flaviovs () magnux com>
Date: Thu, 13 Dec 2001 14:39:41 -0200 (BRST)

On Thu, 13 Dec 2001, H VC wrote:

Did you ever tried the command below?

    $ perl -e 'print "A" x 100000000' > /dev/null

Hi,

Dave Ahmad ( da () securityfocus com ) tell me to post this.

On a default installation of RedHat 7.2 sh-utils-2.0.11-5 is installed. On a
RH 7.1 sh-utils version is 2.0.13 ... ¿ Why this ?

On my RH 7.2 I tried this :

[hvc@condor hvc] $ su `perl -e 'print "A" x 100000000'`

and my box got practically frozen.
I'm on a K6-II 500 , 128 MB and 550 of swap.

I have noticed that it only seems to work whe I parse a user string
to su near the limit ( free mem. + swap ). Over this range is detected
as a too many large string but also just over the available memory...

Why su allows so large user names ?
How long could be a unix/linux user name ?
Why do not su limit the size of username to the unix/linux max. size of a
user name ?

Thanks.

HVC

Hugo Vázquez Caramés
IT Security Services Winmat
Barcelona
Spain

overclocking_a_la_abuela () hotmail com





_________________________________________________________________
Descargue GRATUITAMENTE MSN Explorer en http://explorer.yupimsn.com/intl.asp


-- 
Flávio

Current thread:

possible su local D.o.S H VC (Dec 13)
- Re: possible su local D.o.S Flavio Veloso (Dec 13)
- Re: possible su local D.o.S Michal Zalewski (Dec 13)
- Re: possible su local D.o.S Jose Nazario (Dec 13)
- Re: possible su local D.o.S Blue Boar (Dec 13)
- Re: possible su local D.o.S Robert Freeman (Dec 13)
- Re: possible su local D.o.S Emre Yildirim (Dec 13)
  - Re: possible su local D.o.S White Vampire (Dec 13)
  - Re: possible su local D.o.S Ron DuFresne (Dec 13)
- <Possible follow-ups>
- Re: possible su local D.o.S Frank de Lange (Dec 13)