Date: Mon, 22 Oct 2007 14:25:42 -0700
From: Gary Kline <kline@tao.thought.org>
To: freebsd-questions@freebsd.org, laszlo.danielisz@gmail.com
Subject: Re: defend from -> :() { :&:; } ;:
Message-ID: <20071022212542.GA7058@thought.org>
In-Reply-To: <20071022164418.GA864@glitch.rwxrwxrwx.net>
References: <123275.56819.qm@web30812.mail.mud.yahoo.com> <20071022164418.GA864@glitch.rwxrwxrwx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 22, 2007 at 06:44:18PM +0200, Martin Tournoij wrote:
> On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote:
> > Please do not try to execute this: :() { :&:; } ;: on your BSD machine.
> > I ask all who already tried it how to defend from this?
>
> Wow,, my machine just crashed :-/
> Does in this work on other OS's as well (ie. GNU/Linux)? Or just
> (Free?)BSD? I really don't feel like crashing another machine right
> now...
>
> Only works in sh, not in csh.
>
> Anyway, this seems to be security/stability issue, maybe a PR is in
> order?
>
> Regards,
> Martin Tournoij
If this *is* only a /bin/sh bug, then it maybe time to issue a
PR. Remember that *our* "Bourne" shell is really "a shell" or
ash. I remember hacking on this and playing with it back in tha
late 80's.
It might be time to use zsh as the FBSD /bin/sh
gary
--
Gary Kline kline@thought.org www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071022212542.GA7058>