Vulnerability Development mailing list archives

Re: Memory leak in Solaris 2.7 kernel?

From: Doc Savage <doxavg () GENOCIDE2600 COM>
Date: Sat, 17 Mar 2001 22:58:27 -0700

Please feel free to correct me if I'm wrong here, but this is just a shell
expansion that gets a little carried away.

ls ../* expands to parent directory, all files
ls ../*/../* expands to parent directory, all files, parent directory, all
files....nice little loop if the parent directory has a child (whihc it
obviously does since we're in one).

Bug?  not in my opinion, bad feature, probably.  This is shell expansion
at it's finest, I don't claim it to be wrong.  FWIW, this works in both
bash 2.04 and ksh on OpenBSD 2.8 x86 (not that OS matters, this should
work in any shell that does wildcard expansion).

--Dox

On Sat, 17 Mar 2001, Emre Yildirim wrote:

Here is what I got:

NetBSD:
**************************
~# uname -smr
NetBSD 1.5S i386
~# ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
bash: xmalloc: cannot allocate 6023 bytes (0 bytes allocated)
Connection to silicon closed.
**************************

IRIX:
**************************
# hinv | head -n 5
FPU: MIPS R10010 Floating Point Chip Revision: 0.0
CPU: MIPS R10000 Processor Chip Revision: 2.6
8 195 MHZ IP27 Processors
Main memory size: 2048 Mbytes
Instruction cache size: 32 Kbytes
# uname -smr
IRIX64 6.5 IP27
# ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
Out of memory.
***************************

Solaris:
***************************
# uname -a
SunOS sync 5.7 Generic_106541-10 sun4u sparc SUNW,Ultra-2
# psrinfo -v
Status of processor 0 as of: 03/17/01 19:40:57
  Processor has been on-line since 03/05/01 15:18:50.
  The sparcv9 processor operates at 296 MHz,
        and has a sparcv9 floating point processor.
Status of processor 1 as of: 03/17/01 19:40:57
  Processor has been on-line since 03/05/01 15:18:53.
  The sparcv9 processor operates at 296 MHz,
        and has a sparcv9 floating point processor.
#
# ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
^C
^C

Shell doesn't respond anymore, but load stays around 1.00.
***************************

Linux:  I've tried this on Mandrake 7.2, and the system becomes very
unstable and freezes in the end.  I had to hard reset the computer.

My $0.02:  I don't really see this as a bug, since it has to be
executed as root, and depending on your shell, you can limit normal
users' memory usage (ulimit/limit?).

--
Experience varies directly with equipment ruined.

Current thread:

Re: Segfault in login on debian potatoR2, (continued)
- - Re: Segfault in login on debian potatoR2 poke (Mar 10)
- Re: Segfault in login on debian potatoR2 Emre Yildirim (Mar 10)
- Re: Segfault in login on debian potatoR2 Nickola Pepelishev (Mar 16)
  - Memory leak in Solaris 2.7 kernel? Wakko Ellington Warner-Warner III (Mar 16)
    - Re: Memory leak in Solaris 2.7 kernel? Crist Clark (Mar 16)
    - Re: Memory leak in Solaris 2.7 kernel? Jason Storm (Mar 16)
    - Re: Memory leak in Solaris 2.7 kernel? Thomas J. Arseneault (Mar 17)
    - Re: Memory leak in Solaris 2.7 kernel? visi0n (Mar 17)
    - Re: Memory leak in Solaris 2.7 kernel? Marek Markowicz (markomar) (Mar 17)
    - Re: Memory leak in Solaris 2.7 kernel? Emre Yildirim (Mar 17)
    - Re: Memory leak in Solaris 2.7 kernel? Doc Savage (Mar 18)
    - Re: Memory leak in Solaris 2.7 kernel? Blue Boar (Mar 18)
- Re: Segfault in login on debian potatoR2 starman jones (Mar 10)
  - Re: Segfault in login on debian potatoR2 Vitaly McLain (Mar 10)