From owner-freebsd-hackers Fri Mar 24 10: 5: 4 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 420AD37B7CE; Fri, 24 Mar 2000 10:04:59 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id KAA14795; Fri, 24 Mar 2000 10:04:25 -0800 (PST) (envelope-from dillon) Date: Fri, 24 Mar 2000 10:04:25 -0800 (PST) From: Matthew Dillon Message-Id: <200003241804.KAA14795@apollo.backplane.com> To: Dungeonkeeper Cc: freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG Subject: Re: shell issue References: Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG :Hi there, : :First of all: I want to apologise for my poor english. : :Today me and a few friends of mine discussed the shells' (well, shell is :actualy one of: sh/bash/csh/tcsh... not tested for ksh) command line expansion :routines, mainly because of a problem discovered by one of my friends. I'm not :sure if this is something new... So, let me explain what he found. It seems :that the shell wants to allocate enough memory to hold the entire command line :when expanding all of the arguments and we can force it to allocate hudge :ammount of memory with a tricky command like this: : :carnivoro# /bin/csh -c `cat /dev/urandom` You can trivially write any program to allocate memory continuously. This isn't really a security problem with shells. If you want to cap memory useage you can set a datasize limit. It doesn't cap everything (i.e. it doesn't cap mmap() use), but it does cover the most common mistakes that users make. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message