Bash recursion insecurity

Aki Tuomi cmouse at desteem.org
Mon Sep 25 00:25:50 PDT 2006


On Sun, Sep 24, 2006 at 10:28:12PM +0400, Vladimir A. Pavlov wrote:
> I don't really know if the patch you suggest is really needed...
> Sorry :(
> 
> My thoughts are if an attacker, say, can execute bash scripts on the
> server then recursive calls is the last thing he will try to break the
> server with.
> 
> -- 
> Nothing but perfection
> pv
> --

Bsides, you might actually need to run several levels of recursion. Just
consider a script that recursively walks filesystem from root.

1. / 
 2. /usr
  3. /usr/local
   4. /usr/local/share
    5. /usr/local/share/perl

and so on... this should *NEVER* be broken. 

Aki Tuomi
 
> http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
> FAQ: http://www.linuxfromscratch.org/faq/
> Unsubscribe: See the above information page



More information about the hlfs-dev mailing list