GNU bug report logs - #26227
grep critical local DoS from userspace

Previous Next

Package: grep;

Reported by: bloodman <at> gmail.com

Date: Thu, 23 Mar 2017 19:43:01 UTC

Severity: normal

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: bloodman <at> gmail.com
To: Jim Meyering <jim <at> meyering.net>
Cc: 26227 <at> debbugs.gnu.org
Subject: bug#26227: grep critical local DoS from userspace
Date: Fri, 24 Mar 2017 08:19:34 +0100

Hello,

Ah yes. Mea culpa. This, of course, may be a old bins/kernel/distro bug... ;]

root <at> fal:~# cat /etc/debian_version
8.7
(upgraded)

root <at> fal:~# cat /proc/version
Linux version 3.16.0-4-amd64 (debian-kernel <at> lists.debian.org) (gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07)

root <at> fal:~# grep -V
grep (GNU grep) 2.20

root <at> fal:~# cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 42
model name      : Intel(R) Xeon(R) CPU E31240 @ 3.30GHz
stepping        : 7
microcode       : 0x29
cpu MHz         : 3292.508
cache size      : 8192 KB
[...]

root <at> fal:~# free
             total       used       free     shared    buffers     cached
Mem:       8152512    7972816     179696      44868     179012    7212820
-/+ buffers/cache:     580984    7571528
Swap:      7811068      48236    7762832





> tags 26227 moreinfo
> done

> On Thu, Mar 23, 2017 at 12:11 PM,  <bloodman <at> gmail.com> wrote:
>> Today I searched some files and... my server goes to hell (crash).
>>
>> replication:
>>
>> 0. log into root or user account (whatever)
>> 1. make a huge empty file (eg. 10 GB of zeros)
>> (my is: -rw-r--r-- 1 root root 10485760000 Feb 28 18:14 testfile.out)
>> 2. grep -Hi "\/tmp\/" * 2>/dev/null
>> 3. crash (probably due to out of memory)

> Thanks for the report, but...
> What version of grep are you using? The latest (grep-3.0) operates
> pretty quickly, and doesn't even use 3MB of RSS:

>   $ dd status=none bs=1M count=10000 of=big < /dev/zero && env time
> grep -l x big
>   3.69user 1.10system 0:04.81elapsed 99%CPU (0avgtext+0avgdata 2388maxresident)k
>   0inputs+0outputs (0major+102minor)pagefaults 0swaps



-- 
Tomasz 'BloodMan' Tomkowiak
This bug report was last modified 8 years and 57 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.