[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nano-devel] Vulnerability

From: Joshua Rogers
Subject: Re: [Nano-devel] Vulnerability
Date: Tue, 15 Jan 2013 10:38:15 +1100
User-agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Thunderbird/17.0

a process that runs away isn't an immediate DoS.  what service exactly are you 
denying access to ?  the immediate editor env ?  the cpu ?  any semi-sane OS 
isn't going to be severely impacted by a runaway editor
I do not consider a runaway program a DoS.
But I do consider a "Segmentation fault (core dumped)" a DoS
Especially when I have 32GB of ram, and I'm only editing a 3.1MB program.

The 'nn' file should be quite easy to generate locally:

for i in $(seq 50000); do echo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >> nn; done
It was generated like this:
perl -e 'print "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"x(50000)' > nn
It will also cause a program with 5794 lines( and doing what I said ) to segfault. with a size of only 732K

I still havent been able to get to the first section of your bug
report so maybe that's actually the ideal place to start.  Help is
As I said in a previous email, is there anything I could do to debug it better?


Joshua Rogers - Retro Game Collector && IT Security Specialist
gpg pubkey
On 15/01/13 03:28, Mike Frysinger wrote:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]