On 10/30/18 9:19 PM, Eduardo Bustamante wrote:
> On Tue, Oct 30, 2018 at 1:03 PM Corbin Souffrant
> wrote:
> (...)
>> I found a reproducible use-after-free in every version of Bash from
>> 4.4-5.0beta, that could potentially be used to escape restricted mode. I
>> say potentially, because I can ge
I emailed with Chet today and got approval to post the writeup here. He
has already applied the patch. Thanks again for the fast response!
-Corbin
Use After Free Writeup:
In bash <3.2 using ^C while in a large brace expansion would slowly eat
memory with no way to ^C, so in bash 3.2 (2006-10-
On Tue, Oct 30, 2018 at 1:03 PM Corbin Souffrant
wrote:
(...)
> I found a reproducible use-after-free in every version of Bash from
> 4.4-5.0beta, that could potentially be used to escape restricted mode. I
> say potentially, because I can get it to crash in restricted mode, but I
> haven't gone t
Hello,
I found a reproducible use-after-free in every version of Bash from
4.4-5.0beta, that could potentially be used to escape restricted mode. I
say potentially, because I can get it to crash in restricted mode, but I
haven't gone through the effort of attempting to heap spray to overwrite
func
On Mon, Oct 29, 2018 at 7:37 AM Ilkka Virta wrote:
>
> prompt_to_bol() { local pos; printf '\e[6n'; read -sdR pos;
> [[ ${pos#*;} != 1 ]] && printf '\e[30;47m%%\n\e[0m'; }
> PROMPT_COMMAND=prompt_to_bol
>
> (I stole the main parts from the answers in
> https://unix.stackexchange.com/q