hi, I cannot replicate this in any way. I just created 1024 functions and then ran unset -f in a while [ 1 ]; do done; loop on the very same bash version but on an earlier version of darwin, and everything seems fine. Could you please provide the exact code that triggers the problem, together with a description of how you are running it?

cheers, pg

On 22 Apr 2016, at 01:12, Nikolay Kolev wrote:

> Basically, after doing a bunch of unset -f, I can crash Bash, version GNU
> bash, version 4.3.42(1)-release (x86_64-apple-darwin15.0.0), which could
> possibly be an attack vector. Here's the info from /var/log/system.log
>
> Apr 21 15:45:00 NikolayKolev-mac iTerm2[87962]:
> ReceiveMessageAndFileDescriptor
> Apr 21 15:45:00 NikolayKolev-mac iTerm2[87962]: calling recvmsg...
> Apr 21 15:45:00 NikolayKolev-mac iTerm2-Server[87965]: Installing SIGHUP
> handler.
> Apr 21 15:45:00 NikolayKolev-mac iTerm2-Server[87965]: Installing SIGCHLD
> handler.
> Apr 21 15:45:00 NikolayKolev-mac iTerm2-Server[87965]: Unblocking SIGCHLD.
> Apr 21 15:45:00 NikolayKolev-mac iTerm2-Server[87965]: Sending file
> descriptor and waiting on initial connection
> Apr 21 15:45:00 NikolayKolev-mac iTerm2-Server[87965]: send master fd and
> child pid 87966
> Apr 21 15:45:00 NikolayKolev-mac iTerm2-Server[87965]: All done. Waiting for
> client to disconnect or child to die.
> Apr 21 15:45:00 NikolayKolev-mac iTerm2-Server[87965]: Calling select...
> Apr 21 15:45:00 NikolayKolev-mac iTerm2[87962]: recvmsg returned 4, errno=n/a
> Apr 21 15:45:00 NikolayKolev-mac iTerm2[87962]: recvmsg returned 4
> Apr 21 15:45:00 NikolayKolev-mac iTerm2[87962]: Got a fd
> Apr 21 15:45:00 NikolayKolev-mac iTerm2[87962]: Return 4
> Apr 21 15:45:00 NikolayKolev-mac login[87966]: USER_PROCESS: 87966 ttys000
> Apr 21 15:45:07 NikolayKolev-mac -bash[87967]: -bash(87967,0x7fff79c34000)
> malloc: *** error for object 0x7: pointer being freed was not allocated
> *** set a breakpoint in malloc_error_break to debug
> Apr 21 15:45:07 NikolayKolev-mac diagnosticd[71728]: error evaluating process
> info - pid: 87967, punique: 187665
> Apr 21 15:45:07 NikolayKolev-mac login[87966]: DEAD_PROCESS: 87966 ttys000
> Apr 21 15:45:07 NikolayKolev-mac iTerm2-Server[87965]: select returned -1,
> error = Interrupted system call
> Apr 21 15:45:07 NikolayKolev-mac iTerm2-Server[87965]: Calling select...
> Apr 21 15:45:07 NikolayKolev-mac iTerm2-Server[87965]: select returned 1,
> error = Interrupted system call
> Apr 21 15:45:07 NikolayKolev-mac iTerm2-Server[87965]: select returned. child
> dead=2, connection closed=0
> Apr 21 15:45:07 NikolayKolev-mac iTerm2-Server[87965]: Connection closed.
> Apr 21 15:45:07 NikolayKolev-mac iTerm2-Server[87965]: Unlink
> /var/tmp/iTerm2.socket.87965
> Apr 21 15:45:07 NikolayKolev-mac iTerm2[87962]: File descriptor server exited
> with status 0
> Apr 21 15:45:07 NikolayKolev-mac ReportCrash[87670]: Saved crash report for
> bash[87967] version 0 to
> /Users/NikolayKolev/Library/Logs/DiagnosticReports/bash_2016-04-21-154507_NikolayKolev-mac.crash