Hey Greg,
I wasn't particularly trying to actually generate that large amount of
strings in memory, I wa purposely trying to overflow the integer variable
"nelem"hoping to get Code Execution. This could potentially be a security
risk as shell shock was just more of a denial of service rather than
straight up code execution. However, just because I wasn't able to gain
control of the registers doesn't mean someone else with more skill can't.
On Monday, August 17, 2015, Greg Wooledge wrote:
> On Sat, Aug 15, 2015 at 08:53:55PM -0700, Pasha K wrote:
> > (gdb) r -c "for x in {1..9223372036854775805}; do echo overflow; done"
>
> Brace expansion requires bash to generate and store ALL of those strings
> in memory simultaneously. I seriously doubt any computer on earth has
> enough virtual memory to hold what you've asked for here. (Unless I'm
> miscounting, you've asked bash to generate over 900 quintillion strings
> of length varying from 1 to 19 bytes in length (2 to 20 with NULs).)
>
> If you want to count to a large number, use a C-style for loop instead
> of a brace expansion.
>
> for ((x=1; x<=90; x++)); do ...; done
>
