Re: possible su local D.o.S

From: Frank de Lange (secf-frankat_private)
Date: Thu Dec 13 2001 - 14:35:02 PST

    This is what I got with:
    
    bash --version
    	GNU bash, version 2.05.9(1)-release (i686-redhat-linux-gnu)
    	Copyright 2000 Free Software Foundation, Inc.
    
    su --version
    	su (GNU sh-utils) 2.0
    	Written by David MacKenzie.
    
    	[frank@behemoth frank]$ time su `perl -e 'print "A" x 100000000'`
    	bash: /bin/su: Argument list too long
    
    	real	1m20.578s
    	user	0m52.170s
    	sys	0m17.470s
    
    The bash process had grown to 415 MB, and stays about the same size:
    
    	[frank@behemoth frank]$ ps u 2085
    	USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
    	frank     2085  5.5 55.0 526884 425400 pts/5 S    22:28   2:35 bash
    
    So, this is not a su issue. I get the same results with e.g. /usr/bin/yes:
    
    	[frank@behemoth frank]$ time yes `perl -e 'print "A" x 100000000'`
    	bash: /usr/bin/yes: Argument list too long
    
    	real	1m3.431s
    	user	0m51.760s
    	sys	0m12.170s
    
    It doesn't really matter which program you try to start this way, as the
    program never gets a chance to run:
    
    	[frank@behemoth frank]$ time ls `perl -e 'print "A" x 100000000'`
    	bash: /bin/ls: Argument list too long
    
    	real	1m3.835s
    	user	0m51.820s
    	sys	0m14.700s
    
    Other shells react more or less the same:
    
    tcsh 6.08.00: reacts almost immediately with Word too long for ls
    
    	>  time ls `perl -e 'print "A" x 100000000'`
    	Word too long.
    	0.010u 0.000s 0:01.51 0.6%	0+0k 0+0io 0pf+0w
    
    zsh 3.0.5: takes a long time, grows to 520 MB, but then comes back with
            argument list too long for ls
    
    	behemoth% time ls `perl -e 'print "A" x 100000000'`
    	zsh: argument list too long: ls
    	ls   196.96s user 5.61s system 98% cpu 3:25.83 total
    
    ash 0.2: interesting, gives argument list too long for time, not ls
    
    	$ time ls `perl -e 'print "A" x 100000000'`
    	time: argument list too long
    
    pdksh 5.2.14: same idea...
    
    	[\u@\h \W]$ time ls `perl -e 'print "A" x 100000000'`
    	ksh: ls: Argument list too long
    	   16.96s real    12.31s user     2.70s system
    
    This was all on a 2x466 Celeron with 768 MB and 500 MB swap.
    
    Cheers//Frank
    -- 
      WWWWW      _______________________
     ## o o\    /     Frank de Lange     \
     }#   \|   /                          \
      ##---# _/     <Hacker for Hire>      \
       ####   \      +31-320-252965        /
               \ secf-frankat_private  /
                -------------------------
     [ "For everything which is not diminished by being given is not yet
        possessed as it ought to be possessed, so long as it is held and not given."  ]
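As an added illustration (not part of Frank's post), the kernel-side half of what every shell above ran into: once the shell has finished building the oversized word, execve refuses it with E2BIG before the target program starts, so which program you name is irrelevant. The C program below reproduces that refusal directly, with a 4 MiB argument in place of the post's 100 MB one; the minutes of CPU time and the 415 MB of shell memory in the post happen earlier, in the shell's own backtick expansion, and are not modelled here.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that execs /bin/true with one argument of `len` bytes and
 * report what happened: 0 if the program ran, otherwise the errno execv set
 * (E2BIG once the argument exceeds the kernel's limit, MAX_ARG_STRLEN of
 * 128 KiB per string on Linux). -1 means fork or waitpid itself failed. */
int exec_with_arg_of_length(size_t len)
{
    char *arg = malloc(len + 1);
    if (arg == NULL)
        return -1;
    memset(arg, 'A', len);   /* stands in for the expanded `perl -e` backtick */
    arg[len] = '\0';

    pid_t pid = fork();
    if (pid < 0) {
        free(arg);
        return -1;
    }
    if (pid == 0) {
        char *argv[] = { "/bin/true", arg, NULL };
        execv(argv[0], argv);
        _exit(errno);  /* only reached when the exec was refused */
    }
    free(arg);
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int small = exec_with_arg_of_length(16);
    int big = exec_with_arg_of_length(4u << 20);  /* 4 MiB single argument */
    printf("16-byte argument: %s\n", small == 0 ? "program ran" : strerror(small));
    printf("4 MiB argument:   %s\n", big == 0 ? "program ran" : strerror(big));
    return 0;
}
```

The second line prints "Argument list too long" (strerror of E2BIG); `getconf ARG_MAX` shows the total size the kernel will accept for a command line.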
    This archive was generated by hypermail 2b30 : Thu Dec 13 2001 - 16:56:19 PST