On 02/03/2015 04:19 AM, Steven D'Aprano wrote: > Anssi Saari wrote: > >> Rustom Mody <rustompm...@gmail.com> writes: >> >>> How many people (actually machines) out here are vulnerable? >>> >>> > http://security.stackexchange.com/questions/80210/ghost-bug-is-there-a-simple-way-to-test-if-my-system-is-secure >>> >>> shows a python 1-liner to check >> >> Does that check actually work for anyone? That code didn't segfalt on my >> vulnerable Debian system but it did on my router which isn't (since the >> router doesn't use glibc). Oh and of course I can't comment on >> stinkexchange since I don't have whatever mana points they require... > > Here's the one-liner: > > python -c 'import socket;y="0"*50000000;socket.gethostbyname(y)' > > > I think it is likely that y="0"*50000000 would segfault due to lack of > memory on many machines. I wouldn't trust this as a test.
I ran it on both my servers (each running a different version of the OS) which were recently updated to Red Hat's latest version of glibc that fixes the problem, and both of them segfault with this one liner. -- https://mail.python.org/mailman/listinfo/python-list