On 09/11/2014, Rob Landley <[email protected]> wrote: > On 11/09/14 09:01, M Farkas-Dyck wrote: >> Yeah, I would deem this Someone Else's Problem.
Whatever program accepts untrusted input to sanitize it, or the kernel to enforce memory limits. > In theory a script could run grep on input from an http cgi or similar, > so the input is user controlled. It's the sort of thing that _seems_ > safe... but isn't. I would say that in this case the cgi script ought to setrlimit grep if one fears memory-allocating DoS, rather than getline have arbitrary line length limit. _______________________________________________ Toybox mailing list [email protected] http://lists.landley.net/listinfo.cgi/toybox-landley.net
