I think that it has nothing to do with su, rather malloc() limitations. That
is to say that if you tried it with anything else, it probably would have
the same effect. On my SuSE 7.2 install, it halts for a second and then
exits out of the current shell.

Robert

----- Original Message -----
From: "H VC" <overclocking_a_la_abuelahotmail.com>
To: <vuln-devsecurityfocus.com>
Sent: Thursday, December 13, 2001 4:54 AM
Subject: possible su local D.o.S

> Hi,
>
> Dave Ahmad ( dasecurityfocus.com ) tell me to post this.
>
> On a default installation of RedHat 7.2 sh-utils-2.0.11-5 is installed. On
a
> RH 7.1 sh-utils version is 2.0.13 ... ¿ Why this ?
>
> On my RH 7.2 I tried this :
>
> [hvccondor hvc] $ su `perl -e 'print "A" x 100000000'`
>
> and my box got practically frozen.
> I'm on a K6-II 500 , 128 MB and 550 of swap.
>
> I have noticed that it only seems to work whe I parse a user string
> to su near the limit ( free mem. + swap ). Over this range is detected
> as a too many large string but also just over the available memory...
>
> Why su allows so large user names ?
> How long could be a unix/linux user name ?
> Why do not su limit the size of username to the unix/linux max. size of a
> user name ?
>
> Thanks.
>
> HVC
>
> Hugo Vázquez Caramés
> IT Security Services Winmat
> Barcelona
> Spain
>
> overclocking_a_la_abuelahotmail.com
>
>
>
>
>
> _________________________________________________________________
> Descargue GRATUITAMENTE MSN Explorer en
http://explorer.yupimsn.com/intl.asp
>

----------------------------------------------------
Sign Up for NetZero Platinum Today
Only $9.95 per month!
http://my.netzero.net/s/signup?r=platinum&refcd=PT97

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]