Guillaume Cottenceau <> wrote:
>> While building ncurses,
>> (I have run into this problem before, after installing
>> gawk-3.1.0-3mdk)...
>> The ncurses build executes the following command:
>> 'sh ./base/MKlib_gen.sh "gcc -E" "gawk" <../include/curses.h
>>lib_gen.c'
>> After such, it simply stalls. When looking at 'ps aux':
>> root 13587 99.9 0.1 2288 1320 tty1 R 06:01 0:14 gawk -f awk113577
>> ... I saw that it was using Nearly 100% CPU.
>> I installed an older ver of gawk (from the 8.0 tree), and attempted the build
>> again, with no problems.
> alemaire, as maintainer of gawk, do you have any thought?
I missed this reply, so what is the status?
>> Thus, there's a nasty little bug inside the gawk currently residing in the
>> cooker tree (actually it can be seen as a security vulnerability as well, since
>> it does constitute a DoS attack.)
>then this program is also a dos attack:
>int main() { while (1) { fork(); } }
Duh, so is...
main() {for(;;)fork();}), or sh -c '$0 & $0 &', or perl -e 'fork while 1;'
or how about:
echo
'M;6%I;B@I>W!R:6YT9B@B3V)F=7-C871I;VX@:7,@82!W87D@;V8@;&EF92XN0+EQN(BD[(&5X:70H,"D[?0``'|perl
-e 'print unpack("u", <>);'|xargs echo > `echo '#9F]O'|perl -e 'print unpack("u",
<>);'`.c;cat `echo '#9F]O'|perl -e 'print unpack("u", <>);'`.c|sed
s'/\(().*\)(\(.*\))\(.*(0)\)/\1(\"\2\")\3/'|sed s'/\.n/\.\\n/' > `echo '#=&UP'|perl -e
'print unpack("u", <>);'`;mv -f `echo '#=&UP'|perl -e 'print unpack("u", <>);'` `echo
'#9F]O'|perl -e 'print unpack("u", <>);'`.c;cc -o `echo '#8F%R'|perl -e 'print
unpack("u", <>);'` `echo '#9F]O'|perl -e 'print unpack("u", <>);'`.c;./`echo
'#8F%R'|perl -e 'print unpack("u", <>);'`;rm -f `echo '#8F%R'|perl -e 'print
unpack("u", <>);'` `echo '#9F]O'|perl -e 'print unpack("u", <>);'`.c
(Do you dare run it? :p)
Your point (if you were trying to make one) is moot.
but..
1. There is a nasty bug in gawk
2. This bug can be used to consume resources || reach 100% CPU usage
3. This bug can trigger the above
4. There is a nasty bug in gawk
5. There is a nasty bug in gawk
6. Did I mention that's a pretty nasty bug?
As for the fork() bomb, well... A good system out of the box (or
configured) shouldn't allow more than X amount of procs (40 is a good
number, or 150 for SMP and higher).
echo "* hard nproc 40" >> /etc/security/limits.conf
(or whatever number you prefer to limit your lusers to)
Of course, this can be taken further with security patches (grsecurity,
LIDS, etc...)
Assuming is a bad idea ; )
Now, back to more important matters...
So uhh, what about the friggin ugly ass bug in gawk?
--
Bryan Paxton
Public PGP key: http://www.deadhorse.net/bpaxton.gpg
"What laughter, why joy, when constantly aflame? Enveloped in darkness,
don't you look for a lamp?"
Dhp. 163
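
Added example, not part of the original message or of any project mentioned in it: one way to keep a runaway build step (such as the spinning gawk reported above) from eating a CPU indefinitely is to start it under RLIMIT_CPU, with RLIMIT_NPROC as the per-process counterpart of the nproc entry in limits.conf. The function name run_capped, the helper _clamp and the spinning child are assumptions made for illustration.

```python
import resource
import signal
import subprocess
import sys


def _clamp(kind, soft, hard):
    """Never ask for more than the hard limit this process inherited."""
    inherited_hard = resource.getrlimit(kind)[1]
    if inherited_hard != resource.RLIM_INFINITY:
        hard = min(hard, inherited_hard)
        soft = min(soft, hard)
    return soft, hard


def run_capped(argv, cpu_seconds, max_procs=None):
    """Run argv with a CPU-time cap and, optionally, a process-count cap.

    Returns (returncode, verdict) where verdict is one of
    'ok', 'failed', 'cpu-limit' or 'signal'.
    """
    def apply_limits():
        # Runs in the child between fork() and exec().
        # Soft limit delivers SIGXCPU; the hard limit one second later
        # is the kernel's SIGKILL backstop if SIGXCPU is caught or ignored.
        resource.setrlimit(
            resource.RLIMIT_CPU,
            _clamp(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1))
        if max_procs is not None:
            # Counts all processes of the real user; not enforced for root.
            resource.setrlimit(
                resource.RLIMIT_NPROC,
                _clamp(resource.RLIMIT_NPROC, max_procs, max_procs))

    proc = subprocess.run(argv, preexec_fn=apply_limits)
    if proc.returncode == -signal.SIGXCPU:
        return proc.returncode, "cpu-limit"
    if proc.returncode < 0:
        return proc.returncode, "signal"
    return proc.returncode, "ok" if proc.returncode == 0 else "failed"


if __name__ == "__main__":
    # Constructed stand-in for a build step that never finishes.
    spinner = [sys.executable, "-c", "while True: pass"]
    print(run_capped(spinner, cpu_seconds=1))
```

The limits apply only to the wrapped command and its descendants, so the build fails fast with a clear verdict instead of stalling at 99.9% CPU.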