Bugtraq mailing list archives

Bash memory exhaustion (was Re: Multiple vendors FTP denial of service)


From: Nick Lamb <njl98r () ECS SOTON AC UK>
Date: Mon, 19 Mar 2001 18:01:29 +0000

On Mon, Mar 19, 2001 at 10:24:43AM -0700, Elias Levy wrote:
From: Liviu Sas <liviu () bv ro>

Looks like bash 2.04.0(1)-release on linux, and older are also vulnerable
to this bug ...
a `ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*` command
makes bash eat all memory and cpu available making the machine crash.

The machine will only crash if you've instructed it to allow bash to
allocate memory indefinitely. Unless you trust your users not to be
malicious or incompetent you should have kernel-enforced limits in place
to prevent this.

Set limits on userspace processes, in e.g. Red Hat /etc/security/limits.conf
and ensure that your limits reflect the capabilities of the hardware.
Getting this perfect is very hard, but getting it good enough to deter
casual vandals or thoughtless users is quite easy.

It is arguable that the FTP daemon is responsible for doing argument
checking to prevent DOS attacks, but bash can hardly be held to the same
standard.

Nick.
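The limits Nick recommends, as an added example that is not part of the original thread: a kernel-enforced address-space cap (RLIMIT_AS, the `as` item in pam_limits) makes a runaway allocation fail as an ordinary command error instead of dragging the whole machine into swap. The script assumes a POSIX shell with `ulimit -v` (bash or dash) and GNU dd; dd's single large buffer stands in for the exploding glob expansion, which is too expensive to run on a shared box. The group name `users` in the limits.conf fragment is a hypothetical placeholder.

```shell
#!/bin/sh
# Added example, not from the Bugtraq thread: demonstrate that RLIMIT_AS turns
# a runaway allocation into a failed command rather than a dead machine.
# Assumes bash or dash (for 'ulimit -v') and GNU dd. dd's single 1 GiB buffer
# stands in for the exploding '*/../*' glob, which is too costly to run here.

# run_limited KBYTES CMD...: run CMD with its virtual address space capped at
# KBYTES kilobytes. The cap is set in a subshell so the caller is unaffected.
# Returns CMD's exit status (non-zero when the kernel refused the allocation).
run_limited() {
    limit_kb=$1
    shift
    ( ulimit -v "$limit_kb" && exec "$@" )
}

# limits_conf_fragment: the equivalent pam_limits configuration for
# /etc/security/limits.conf. 'as' is the address-space item, in KB, and is
# what 'ulimit -v' sets; 'nproc' caps fork storms in the same way. The group
# name 'users' is a hypothetical placeholder, and 131072 (128 MiB) is a value
# for illustration; size it to the hardware as the message advises.
limits_conf_fragment() {
    cat <<'EOF'
# <domain>  <type>  <item>  <value>
@users      hard    as      131072
@users      hard    nproc   200
EOF
}

# demo: a 1 GiB buffer is refused under a 128 MiB cap; a 1 MiB buffer is not.
demo() {
    if run_limited 131072 dd if=/dev/zero of=/dev/null bs=1G count=1 2>/dev/null; then
        echo "capped run: 1 GiB allocation succeeded (limit not enforced?)"
    else
        echo "capped run: 1 GiB allocation refused by the kernel, as intended"
    fi
    if run_limited 131072 dd if=/dev/zero of=/dev/null bs=1M count=1 2>/dev/null; then
        echo "capped run: 1 MiB allocation still works, normal use is unaffected"
    fi
    echo "pam_limits equivalent:"
    limits_conf_fragment
}

demo
```

A `hard` limit installed by pam_limits at login cannot be raised back by the user's own `ulimit`, which is the property that stops a shell one-liner from undoing the protection; root is not bound by the hard/soft distinction, so these limits protect against ordinary users, not against a compromised privileged account. Address-space caps also need headroom for legitimate large programs, which is the "getting this perfect is very hard" part of the message.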
