|
| From: | Joshua Rogers |
| Subject: | Re: [Nano-devel] Vulnerability |
| Date: | Tue, 15 Jan 2013 10:38:15 +1100 |
| User-agent: | Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Thunderbird/17.0 |
I do not consider a runaway program a DoS.a process that runs away isn't an immediate DoS. what service exactly are you denying access to ? the immediate editor env ? the cpu ? any semi-sane OS isn't going to be severely impacted by a runaway editor But I do consider a "Segmentation fault (core dumped)" a DoS Especially when I have 32GB of ram, and I'm only editing a 3.1MB program. Yes,The 'nn' file should be quite easy to generate locally: for i in $(seq 50000); do echo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >> nn; done It was generated like this: perl -e 'print "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"x(50000)' > nn FYI: It will also cause a program with 5794 lines( and doing what I said ) to segfault. with a size of only 732K As I said in a previous email, is there anything I could do to debug it better?I still havent been able to get to the first section of your bug report so maybe that's actually the ideal place to start. Help is Thanks Joshua Rogers - Retro Game
Collector && IT Security Specialist
On 15/01/13 03:28, Mike Frysinger wrote:gpg pubkey |
| [Prev in Thread] | Current Thread | [Next in Thread] |