Full Disclosure mailing list archives

Re: bash vulnerability?

From: starwars <nobody () tatooine homelinux net>
Date: Sun, 14 Aug 2005 10:21:49 +0200 (CEST)



Wernfried Haas wrote:

assuming you actually meant
:(){ :|:& };: (which can be harmful if no limits are set)?


   It should be noted that according to the limits man page, "By default no quotas are imposed on 'root'. In fact, 
there is no way to impose limits via this procedure to root-equiv accounts (account with UID 0)."

"ulimit -u 15"
 
  only works temporarily for that user unless issed in a startup script. "echo '* U15' > /etc/limits" 

(as root of course) is a permanent solution (root is still unaffected).

-secjunky 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

bash vulnerability? Shari Vegas (Aug 13)
- Re: bash vulnerability? Wernfried Haas (Aug 13)
  - Re: bash vulnerability? Wernfried Haas (Aug 13)
    - RE: bash vulnerability? Sean Crawford (Aug 13)
    - Re: bash vulnerability? Matija Vidmar (Aug 13)
    - Re: bash vulnerability? Andre' Breiler (Aug 13)
    - Re: bash vulnerability? fd (Aug 14)
- Re: bash vulnerability? Milan 't4c' Berger (Aug 13)
- <Possible follow-ups>
- Re: bash vulnerability? starwars (Aug 14)
- RE: bash vulnerability? Jay (Aug 15)
  - Re: bash vulnerability? Rik Bobbaers (Aug 16)
    - Re: bash vulnerability? Jay (Aug 16)
    - Re: bash vulnerability? Boris Jordanov / Борис Йорданов (Aug 16)
    - Re: bash vulnerability? luke (Aug 16)
    - Re: bash vulnerability? Rik Bobbaers (Aug 16)
    - Re: bash vulnerability? Graham Reed (Aug 16)
    - Re: bash vulnerability? nocfed (Aug 18)
    - Re: bash vulnerability? nocfed (Aug 18)
- RE: bash vulnerability? Lauro, John (Aug 19)

(Thread continues...)