Bugtraq mailing list archives
tcsh/Solaris (Re: More telnet Daemon Fun)
From: pir () SHORE NET (Peter Radcliffe)
Date: Wed, 3 Dec 1997 11:26:11 -0500
Aaron Campbell <aaron () ug cs dal ca> probably said:
Regarding user-supplied terminfo files...
Lastly, while doing some testing, I discovered that setting my TERM variable to a 256-character string under Solaris 2.5.1 caused my bash shell session to crash, dump core and log me out. This may or may not have been mentioned on Bugtraq before, and may or may not be due to missing patches.
tcsh:
pir@foo> uname -a
SunOS foo 5.6 Generic sun4m sparc SUNW,SPARCstation-5
pir@foo> setenv TERM "1234567890123456789012345678901234567890123456789012
34567890123456789012345678901234567890123456789012345678901234567890123456
78901234567890123456789012345678901234567890123456789012345645678901234567
89012345678901234567890123456789012345678901234567890123456789"
tcsh: using dumb terminal settings.
Bus error (core dumped)
pir@bar> uname -a
SunOS bar 5.5.1 Generic_103640-12 sun4m sparc SUNW,SPARCstation-10
pir@bar> setenv TERM "1234567890123456789012345678901234567890123456789012
34567890123456789012345678901234567890123456789012345678901234567890123456
78901234567890123456789012345678901234567890123456789012345645678901234567
89012345678901234567890123456789012345678901234567890123456789"
tcsh: using dumb terminal settings.
Bus error (core dumped)
As far as I know, these two machines are up to date in all relavant patches.
2.6:
sigprocmask(SIG_BLOCK, 0xEFFFBDE0, 0x00000000) = 0
open("/usr/share/lib/terminfo/1/1234567890123456789012345678901234567890
123456789012345678901234567890123456789012345678901234567890123456789012
345678901234567890123456789012345678901234567890123456789012345678901234
564567890123456789012345678901234567890123456789012345678901234567890123
456789", O_RDONLY) Err#78 ENAMETOOLONG
access("/usr/share/lib/terminfo/.", 0) = 0
tcsh: using dumb terminal settings.
write(1, " t c s h : u s i n g ".., 36) = 36
ioctl(16, TIOCGWINSZ, 0xEFFFBDD8) = 0
sigprocmask(SIG_UNBLOCK, 0xEFFFBDE0, 0x00000000) = 0
close(0) = 0
close(1) = 0
close(2) = 0
open("/dev/null", O_RDONLY) = 0
fcntl(0, F_DUP2FD, 0x00000001) = 1
fcntl(0, F_DUP2FD, 0x00000002) = 2
sigprocmask(SIG_BLOCK, 0xEFFFE8D8, 0x00000000) = 0
ioctl(16, TIOCGWINSZ, 0xEFFFE8D0) = 0
sigprocmask(SIG_UNBLOCK, 0xEFFFE8D8, 0x00000000) = 0
sigprocmask(SIG_UNBLOCK, 0xEFFFE9C0, 0x00000000) = 0
Incurred fault #5, FLTACCESS %pc = 0x00035DB8
siginfo: SIGBUS BUS_ADRALN addr=0x3334353A
Received signal #10, SIGBUS [default]
siginfo: SIGBUS BUS_ADRALN addr=0x3334353A
*** process killed ***
bash 2.01 on 2.6 or 2.5.1 seems to cope with this just fine.
Whos the tcsh maintaner these days :)
P.
--
Peter Radcliffe | pir () shore net | Shore.net systems administrator.
Current thread:
- Re: Possible Solaris 2.6 hole at(1M), (continued)
- Re: Possible Solaris 2.6 hole at(1M) Casper Dik (Dec 04)
- Re: an detailed explaination why land attack works? Bill Paul (Dec 03)
- Fw: Insufficient allocations in net/unix/garbage.c (fwd) Phillip R. Jaenke (Dec 03)
- Re: Fw: Insufficient allocations in net/unix/garbage.c (fwd) Alan Cox (Dec 04)
- Sun Security Bulletin #00159 (fwd) Howie (Dec 03)
- Sun Security Bulletin #00160 (fwd) Howie (Dec 03)
- Q165005: Windows NT Slows Down Due to Land Attack Aleph One (Dec 04)
- Q177539: Windows 95 Stops Responding Because of Land Attack Aleph One (Dec 04)
- More telnet Daemon Fun Aaron Campbell (Dec 01)
- Re: More telnet Daemon Fun Elliot Lee (Dec 02)
- tcsh/Solaris (Re: More telnet Daemon Fun) Peter Radcliffe (Dec 03)
- scoterm exploit Aleph One (Dec 04)
- Re: Linux inetd.. Alan Cox (Dec 02)
- Re: Linux inetd.. Darren Reed (Dec 02)
- Re: Linux inetd.. Darren Reed (Dec 02)
- Re: Linux inetd.. G P R (Dec 01)
- Sendmail quirks Duck Vader (Dec 02)
- Re: Linux inetd.. der Mouse (Dec 15)