On Sat, Oct 06, 2018 at 12:33:22 -0400, Chet Ramey wrote:
> On 10/5/18 9:33 PM, Mike Gerwitz wrote:
>> The following code will cause a segfault on bash-4.4.19(1) on
>> GNU Guix. I reproduced the issue on an old Ubuntu 14.04 LTS running
>> bash-4.3.11(1) as well as a Trisquel system running the same version.
>>
>> bash -c 'trap "kill 0" TERM; kill 0'
>>
>> Also segfaults when replacing `0' with `$$', and presumably in any other
>> situation that would trigger the trap recursively.
>
> Yes. Bash has allowed recursive trap handlers since early 2014 (pre-4.3)
> due to requests for the feature and compatibility with other shells that
> allow it.
>
> If you manage to create infinite recursion, bash won't stop you.

Sure, I agree that the feature is useful, but are you saying that
terminating with a segfault is the intended behavior for runaway
recursion?

Upon further inspection, it does look like `foo() { foo; }; foo' also
causes a segfault, so the behavior is consistent with trap recursion.

As long as there is no exploitable flaw here, then I suppose this isn't
a problem; it's just that most users assume that a segfault represents a
problem with the program (unless they're dealing with their own memory
management). I haven't inspected the code to see if this is an access
violation or if Bash is intentionally signaling SIGSEGV.

In any case, thanks for the reply.

-- 
Mike Gerwitz
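
Added example, not part of the original thread and not code from the bash project: two ways a script author can keep the recursion cases discussed above from ending in a segfault, using bash's FUNCNEST variable for function recursion and a re-entrancy guard for the TERM trap. The function names are hypothetical, and `kill $$` inside a child shell stands in for `kill 0` so that only the child is signalled.

```shell
#!/usr/bin/env bash
# Added example: keeping runaway recursion from ending in SIGSEGV.
# Each case runs in a child bash so the calling shell is never signalled.

# Case 1: unbounded function recursion, capped by FUNCNEST (bash >= 4.2).
# Bash aborts the command with "maximum function nesting level exceeded"
# instead of recursing until the stack is exhausted.
bounded_function_status() {
    status=0
    bash -c 'FUNCNEST=64; foo() { foo; }; foo' 2>/dev/null || status=$?
    echo "$status"
}

# Case 2: a TERM trap that re-sends TERM. Ignoring TERM before sending it
# again means the second signal cannot re-enter the handler.
guarded_trap_status() {
    status=0
    bash -c '
        on_term() {
            trap "" TERM      # stop handling TERM before re-sending it
            kill -TERM $$     # now ignored, so the handler is not re-run
            exit 0
        }
        trap on_term TERM
        kill -TERM $$
    ' 2>/dev/null || status=$?
    echo "$status"
}

echo "FUNCNEST-bounded recursion exit status: $(bounded_function_status)"
echo "guarded trap exit status: $(guarded_trap_status)"
```

An exit status of 139 (128 + SIGSEGV) from either child would mean the recursion was not contained.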