GNU bug report logs - #26227
grep critical local DoS from userspace

Previous Next

Package: grep;

Reported by: bloodman <at> gmail.com

Date: Thu, 23 Mar 2017 19:43:01 UTC

Severity: normal

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: bloodman <at> gmail.com
Subject: bug#26227: closed (Re: bug#26227: grep critical local DoS from
 userspace)
Date: Sun, 26 Mar 2017 01:10:03 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#26227: grep critical local DoS from userspace

which was filed against the grep package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 26227 <at> debbugs.gnu.org.

-- 
26227: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=26227
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Jim Meyering <jim <at> meyering.net>
To: Tomasz Tomkowiak <bloodman <at> gmail.com>
Cc: 26227-done <at> debbugs.gnu.org
Subject: Re: bug#26227: grep critical local DoS from userspace
Date: Sat, 25 Mar 2017 18:08:36 -0700

tags 26227 notabug
thanks

On Fri, Mar 24, 2017 at 12:19 AM,  <bloodman <at> gmail.com> wrote:
> Ah yes. Mea culpa. This, of course, may be a old bins/kernel/distro bug... ;]
>
> root <at> fal:~# cat /etc/debian_version
> 8.7
> (upgraded)
>
> root <at> fal:~# cat /proc/version
> Linux version 3.16.0-4-amd64 (debian-kernel <at> lists.debian.org) (gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07)
>
> root <at> fal:~# grep -V
> grep (GNU grep) 2.20

In that case, I'm closing this auto-created issue and tagging it as "notabug".


[Message part 3 (message/rfc822, inline)]
From: bloodman <at> gmail.com
To: bug-grep <at> gnu.org
Subject: grep critical local DoS from userspace
Date: Thu, 23 Mar 2017 20:11:58 +0100

Hello,

Today I searched some files and... my server goes to hell (crash).

replication:

0. log into root or user account (whatever)
1. make a huge empty file (eg. 10 GB of zeros)
(my is: -rw-r--r-- 1 root root 10485760000 Feb 28 18:14 testfile.out)
2. grep -Hi "\/tmp\/" * 2>/dev/null
3. crash (probably due to out of memory)

... damn...

greetz,
-- 
Tomasz 'BloodMan' Tomkowiak
This bug report was last modified 8 years and 57 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.