2012-03-20 16:47:51 +0000, Eamonn Smyth:
> Without sounding alarmist, I can break my machine using bash. I also have a
> fix. I shall be officially releasing the c code this weekend at the
> hackathon london.
[...]

A DOS vector often found in bash *scripts* is when a script takes
user input in a variable and that variable is left unquoted upon
expansion in list contexts.

For instance this CGI script which looks harmless at first
glance:

    #! /bin/bash -
    q=$QUERYSTRING
    printf '%s\r\n' "Content-type: text/plain" ""
    if echo $q | grep ...; then
      echo "Invalid input"
    fi

Try with values of $QUERYSTRING like
/*/*/*/../../../*/*/*/../../../*/*/*/../../../*/*/* (beware it
might cause your computer to crash)

-- 
Stephane
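
Added example, not part of the original message: it shows what the `echo $q | grep` line in the script above actually hands to grep, next to two hardened forms. The function names and the sandbox directory with files a, b and c are constructed for this illustration.

```bash
# Constructed sandbox: an empty temp directory holding files a, b and c.

# What the script's "echo $q | grep" pipeline feeds to grep: the unquoted
# value is split on $IFS and every resulting word is expanded as a glob
# pattern, so grep checks file names instead of the user's input.
seen_unquoted() { q=$1; echo $q; }

# Hardened: the quoted value reaches grep byte for byte, and printf
# avoids echo's special handling of options and backslashes.
seen_quoted() { q=$1; printf '%s\n' "$q"; }

# Alternative when word splitting is wanted but globbing is not:
# set -f disables pathname expansion (kept local by the subshell body).
seen_noglob() ( q=$1; set -f; echo $q )

demo() {
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" && touch a b c || exit 1
    printf 'unquoted=[%s] quoted=[%s] noglob=[%s]\n' \
      "$(seen_unquoted '*')" "$(seen_quoted '*')" "$(seen_noglob '*')"
  )
  rm -rf -- "$dir"
}

demo
```

In the script above the equivalent fix is `printf '%s\n' "$q" | grep ...`, which never walks the filesystem no matter what the query string contains.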