Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: buffer overflow on zsh-3.1.9

X-seq: zsh-workers 12630
From: Dan Nelson <dnelson@xxxxxxxxxxxx>
To: Jonel Rienton <nelski@xxxxxxxxxxxxxxxx>
Subject: Re: buffer overflow on zsh-3.1.9
Date: Mon, 14 Aug 2000 22:19:08 -0500
Cc: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxxxxxxxxx>, zsh-workers@xxxxxxxxxxxxxx
In-reply-to: <NEBBJKIECKJPJKBDJJOECEGMCBAA.nelski@xxxxxxxxxxxxxxxx>; from "Jonel Rienton" on Mon Aug 14 18:13:24 GMT 2000
Mailing-list: contact zsh-workers-help@xxxxxxxxxxxxxx; run by ezmlm
References: <1000814183801.ZM10110@xxxxxxxxxxxxxxxxxxxxxxx> <NEBBJKIECKJPJKBDJJOECEGMCBAA.nelski@xxxxxxxxxxxxxxxx>

In the last episode (Aug 14), Jonel Rienton said:
> doesn't this constitute for a malicious user to bring down your
> system in a multi environment box?

No more than a "for(;;) malloc(1024);" loop or even /bin/sh's
"a=`yes`".  Although having zsh core dump is bad form (sh simply prints
"out of space").  Adjust your shell's resource limits if you're worried
about their memory usage.

-- 
	Dan Nelson
	dnelson@xxxxxxxxxxxx

References:
- Re: buffer overflow on zsh-3.1.9
  - From: Bart Schaefer
- RE: buffer overflow on zsh-3.1.9
  - From: Jonel Rienton

Messages sorted by: Reverse Date, Date, Thread, Author