You have been subscribed to a public bug by Marc Deslauriers (mdeslaur):

Binary package hint: bash

Attached is a shell script that was part of a security experiment of
mine showing that a fork bomb can be just as easily hidden in a shell
script as it can be executed in plain sight using a shell function.

My findings of this experiment are that the script can be crafted to
recursively and indefinitely execute instances of itself. This, unlike a
command that is run as a function in the shell, isn't visible to the
user unless opened in an editor. It can be given any name (even a
misleading one) and can be executed without the user knowing what's
lurking inside it.

It is also dangerous because the script itself can be crafted to perform
highly CPU-intensive tasks (or even delete files!) on top of exploding
into a million processes. We all know just how much damage this can
cause.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: bash 4.1-2ubuntu4
ProcVersionSignature: Ubuntu 2.6.37-8.21-generic 2.6.37-rc4
Uname: Linux 2.6.37-8-generic i686
Architecture: i386
Date: Sat Dec 11 22:33:24 2010
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha i386 (20101205)
ProcEnviron:
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: bash

** Affects: bash (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug i386 natty
-- 
Fork bombs can just as easily be coded into shell scripts as they can into bomb 
functions
https://bugs.launchpad.net/bugs/689176
You received this bug notification because you are a member of Ubuntu Bugs, 
which is a direct subscriber.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
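
Added example, not part of the bug report or of bash: a heuristic pre-run check that lists the lines where a shell script refers to or invokes itself, the behaviour the report describes as invisible unless the file is opened in an editor. The helper names (`find_self_invocation`, `write_sample`) and the sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report). Heuristic review aid: it lists lines
# for a human to read; it does not prove a script is harmful or safe.

# find_self_invocation FILE  (hypothetical helper name)
# Prints "LINE:TEXT" for every non-comment line that refers to the script's own
# path ($0, ${0}, $BASH_SOURCE) or names its own file as a command word.
# Exit status: 0 = at least one line found, 1 = none, 2 = FILE is not a file.
find_self_invocation() {
    fsi_script=$1
    [ -f "$fsi_script" ] || { echo "not a regular file: $fsi_script" >&2; return 2; }
    fsi_name=$(basename "$fsi_script")
    # Escape ERE metacharacters so the file name is matched literally.
    fsi_name_re=$(printf '%s' "$fsi_name" | sed 's/[][\.*^$+?(){}|]/\\&/g')
    grep -nE \
        -e '\$0|\$\{0\}|\$\{?BASH_SOURCE' \
        -e "(^|[[:space:];&|/])${fsi_name_re}([[:space:];&|]|\$)" \
        -- "$fsi_script" | grep -vE '^[0-9]+:[[:space:]]*#'
}

# write_sample DIR: creates a constructed, harmless sample (it re-runs itself
# at most once) plus a script with no self-reference.
write_sample() {
    cat > "$1/cache-clean.sh" <<'EOF'
#!/bin/sh
# re-run via $0 (comment, ignored by the check)
echo "cleaning cache"
[ "$1" = "--child" ] || "$0" --child
[ "$1" = "--child" ] || sh ./cache-clean.sh --child
EOF
    printf '#!/bin/sh\necho "hello"\n' > "$1/hello.sh"
}

# Usage: sh check.sh script1 [script2 ...]
for fsi_arg in "$@"; do
    echo "== $fsi_arg"
    find_self_invocation "$fsi_arg" || true
done
```

A legitimate use of `$0`, such as a usage message, is also listed, so the output is a list of lines to read before running the file, not a verdict.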
