Vulnerability Development mailing list archives
Re: possible su local D.o.S
From: Flavio Veloso <flaviovs () magnux com>
Date: Thu, 13 Dec 2001 14:39:41 -0200 (BRST)
On Thu, 13 Dec 2001, H VC wrote: Did you ever tried the command below? $ perl -e 'print "A" x 100000000' > /dev/null
Hi, Dave Ahmad ( da () securityfocus com ) tell me to post this. On a default installation of RedHat 7.2 sh-utils-2.0.11-5 is installed. On a RH 7.1 sh-utils version is 2.0.13 ... ¿ Why this ? On my RH 7.2 I tried this : [hvc@condor hvc] $ su `perl -e 'print "A" x 100000000'` and my box got practically frozen. I'm on a K6-II 500 , 128 MB and 550 of swap. I have noticed that it only seems to work whe I parse a user string to su near the limit ( free mem. + swap ). Over this range is detected as a too many large string but also just over the available memory... Why su allows so large user names ? How long could be a unix/linux user name ? Why do not su limit the size of username to the unix/linux max. size of a user name ? Thanks. HVC Hugo Vázquez Caramés IT Security Services Winmat Barcelona Spain overclocking_a_la_abuela () hotmail com _________________________________________________________________ Descargue GRATUITAMENTE MSN Explorer en http://explorer.yupimsn.com/intl.asp
-- Flávio
Current thread:
- possible su local D.o.S H VC (Dec 13)
- Re: possible su local D.o.S Flavio Veloso (Dec 13)
- Re: possible su local D.o.S Michal Zalewski (Dec 13)
- Re: possible su local D.o.S Jose Nazario (Dec 13)
- Re: possible su local D.o.S Blue Boar (Dec 13)
- Re: possible su local D.o.S Robert Freeman (Dec 13)
- Re: possible su local D.o.S Emre Yildirim (Dec 13)
- Re: possible su local D.o.S White Vampire (Dec 13)
- Re: possible su local D.o.S Ron DuFresne (Dec 13)
- <Possible follow-ups>
- Re: possible su local D.o.S Frank de Lange (Dec 13)