Hi,

There is a non-exploitable integer overflow in /bin/ls.

Check the following:

/opt/bin/valgrind /bin/ls -w 1073741828 -C


==21243== Invalid write of size 4
==21243==    at 0x804E498: (within /bin/ls)
==21243==    by 0x804CC3C: (within /bin/ls)
==21243==    by 0x804B721: (within /bin/ls)
==21243==    by 0x8049F74: (within /bin/ls)
==21243==    Address 0x41430CC8 is 8 bytes after a block of size 8 alloc'd
==21243==    at 0x40160504: malloc (vg_clientfuncs.c:100)
==21243==    by 0x80534D0: (within /bin/ls)
==21243==    by 0x804E4FB: (within /bin/ls)
==21243==    by 0x804CC3C: (within /bin/ls)

The heap is quite screwed, but ls is killed by the kernel due to memory usage.
Probably ls should not accept big ints after -w.

As a side effect, this causes a temporary DoS in wu-ftpd.

georgi


_______________________________________________
Bug-coreutils mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-coreutils
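
Added example, not part of the original message and not coreutils code: how an unchecked size calculation derived from the `-w` value can wrap on a 32-bit build, next to a checked calculation and an argument parser that rejects oversized widths. The minimum column width of 3, the 12-byte per-column record and the 4096 limit are assumptions; with them the reported value wraps to 8 bytes, which is consistent with the 8-byte block in the valgrind output above.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed figures (not from the message): a 32-bit size_t, a minimum
   column width of 3, and a 12-byte per-column bookkeeping record. */
#define MIN_COL_WIDTH 3u
#define RECORD_SIZE   12u

/* Byte count as an unchecked 32-bit multiplication would compute it. */
uint32_t wrapped_bytes(uint32_t width)
{
    return (width / MIN_COL_WIDTH) * RECORD_SIZE;   /* wraps modulo 2^32 */
}

/* Checked form: returns 0 and stores the size, or -1 if it would wrap. */
int checked_bytes(uint32_t width, uint32_t *out)
{
    uint32_t count = width / MIN_COL_WIDTH;
    if (count > UINT32_MAX / RECORD_SIZE)
        return -1;
    *out = count * RECORD_SIZE;
    return 0;
}

/* Parse a -w argument. Rejects empty or non-numeric text, out-of-range
   numbers, and anything above max_width (a hypothetical policy limit).
   Returns 0 on success, -1 on rejection. */
int parse_width(const char *arg, unsigned long max_width, uint32_t *out)
{
    char *end;
    errno = 0;
    unsigned long v = strtoul(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0')
        return -1;
    if (v > max_width || v > UINT32_MAX)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    uint32_t w = 1073741828u, bytes;   /* width value from the report */
    printf("unchecked size: %u bytes\n", (unsigned)wrapped_bytes(w));
    printf("checked size:   %s\n", checked_bytes(w, &bytes) ? "rejected" : "ok");
    printf("parsed width:   %s\n", parse_width("1073741828", 4096, &w) ? "rejected" : "ok");
    return 0;
}
```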
