Re: [Nano-devel] Vulnerability
From: Mike Frysinger
Subject: Re: [Nano-devel] Vulnerability
Date: Mon, 14 Jan 2013 11:28:45 -0500
User-agent: KMail/1.13.7 (Linux/3.7.1; KDE/4.6.5; x86_64; ; )

On Sunday 13 January 2013 20:26:46 Joshua Rogers wrote:

please don't top post

> Well, it is classified as a vulnerability, even if it is a very small
> one(DoS)

a process that runs away isn't an immediate DoS. what service exactly are you
denying access to ? the immediate editor env ? the cpu ? any semi-sane OS
isn't going to be severely impacted by a runaway editor

as for the former, have you looked at how nano works ? it reads *the entire
file* into memory before editing it. here's another "DoS" for you:

$ dd if=/dev/zero of=foo seek=100000000 count=1
$ du -bh foo
48G foo
$ nano foo
<uses cpu forever as it tries to allocate memory>

you could probably argue it's not the greatest design, but it's not a sec
issue.

> I'm just trying to make it so when you google my name, people don't find
> my previous Black Hat activities, which I've since changed.
> And a CVE entry with like that would be great.

if you're a Black Hat, then you shouldn't have a problem making a new name as
a White Hat. but filing CVEs for interactive editors like nano isn't going to
get you much cred.
-mike
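
A defensive sketch of the point made in the message above, added here as an example and not part of the original post or of nano: it compares a file's apparent size with its allocated size and refuses to hand an oversized file to an editor that loads whole files. It assumes GNU `stat` and a shell with `ulimit -v`; the function names, the 256 MiB default budget and the scaled-down sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes GNU coreutils stat.

# Bytes the file claims to contain: what a whole-file reader must allocate.
apparent_size() { stat -c %s -- "$1"; }

# Bytes actually backed by disk blocks (%b blocks of %B bytes each).
allocated_size() { echo $(( $(stat -c %b -- "$1") * $(stat -c %B -- "$1") )); }

# Exit 0 when the apparent size exceeds the allocation, i.e. the file has holes.
is_sparse() { [ "$(apparent_size "$1")" -gt "$(allocated_size "$1")" ]; }

# Exit 0 when loading the whole file stays within BUDGET bytes, 2 if not a file.
fits_in_budget() {
    [ -f "$1" ] || return 2
    [ "$(apparent_size "$1")" -le "$2" ]
}

# Hypothetical wrapper: check the size first, then run the editor with a
# capped address space so a runaway allocation fails instead of growing.
guarded_edit() {
    budget=${2:-268435456}          # constructed default: 256 MiB
    if ! fits_in_budget "$1" "$budget"; then
        echo "refusing $1: apparent $(apparent_size "$1") bytes," \
             "allocated $(allocated_size "$1") bytes, budget $budget" >&2
        return 1
    fi
    # ulimit -v takes KiB; 4x the budget leaves headroom for the editor itself.
    ( ulimit -v $(( budget / 1024 * 4 )); exec "${EDITOR:-nano}" "$1" )
}

# Constructed sample: the same dd invocation as in the message, scaled down
# to a 1 MiB hole followed by one 512-byte block.
make_sparse_sample() {
    dd if=/dev/zero of="$1/foo" seek=2048 count=1 2>/dev/null
    echo "$1/foo"
}
```

Whether `is_sparse` reports a hole depends on the filesystem, so the refusal decision is based on the apparent size alone.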