Vulnerability Development mailing list archives

Re: possible su local D.o.S


From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 13 Dec 2001 11:52:45 -0500 (EST)

On Thu, 13 Dec 2001, H VC wrote:

> [hvc@condor hvc] $ su `perl -e 'print "A" x 100000000'`
>
> and my box got practically frozen.
> I'm on a K6-II 500, 128 MB and 550 of swap.

This is because you asked perl to create a 100 MB string by appending one
character an enormous one hundred million times - and bash to cache this
"here" document. It has nothing to do with su. Su didn't even get
executed. It should work the same way for any other program (try 'sleep').

You can easily prevent this kind of attack by setting per-user or
per-process resource limits on your system.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/
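
The resource limits suggested in the reply can be sketched as follows. This is an added example, not part of the original post: the names `run_limited` and `check_limited`, the 256 MB / 5 s values and the `dd` stand-in used to test it are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): per-process resource limits
# set with the shell's ulimit builtin.
#
# The command string is evaluated *inside* the limited subshell, so
# backtick/$(...) expansions are built under the limit too. That matters
# here because the large string is assembled by perl and buffered by the
# shell before the target program is ever executed.

# run_limited KB SECONDS 'command string'
#   KB      - maximum virtual address space in kilobytes (ulimit -v)
#   SECONDS - maximum CPU time in seconds (ulimit -t)
# Returns the command's exit status, or 125 if a limit could not be set.
run_limited() {
    (
        # Without -S, ulimit sets the hard and soft limit together, so
        # nothing started from this subshell can raise them again. The
        # calling shell is unaffected.
        ulimit -v "$1" || exit 125
        ulimit -t "$2" || exit 125
        eval "$3"
    )
}

# check_limited KB SECONDS 'command string'
#   Prints "completed" or "stopped (exit N)" for the limited run.
check_limited() {
    if run_limited "$1" "$2" "$3" 2>/dev/null; then
        echo "completed"
    else
        echo "stopped (exit $?)"
    fi
}

# Per-user equivalent via pam_limits, in /etc/security/limits.conf
# ("hvc" is the user from the post; the values are assumptions):
#   hvc  hard  as     262144    # address space, in KB
#   hvc  hard  nproc  64        # number of processes
```

`ulimit -v` caps virtual address space rather than resident memory, so set it with some headroom above what the legitimate workload maps.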

