GNU bug report logs - #26227
grep critical local DoS from userspace

Previous Next

Package: grep;

Reported by: bloodman <at> gmail.com

Date: Thu, 23 Mar 2017 19:43:01 UTC

Severity: normal

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 26227 <at> debbugs.gnu.org (full text, mbox):

From: Jim Meyering <jim <at> meyering.net>
To: bloodman <at> gmail.com
Cc: 26227 <at> debbugs.gnu.org
Subject: Re: bug#26227: grep critical local DoS from userspace
Date: Thu, 23 Mar 2017 16:40:41 -0700

tags 26227 moreinfo
done

On Thu, Mar 23, 2017 at 12:11 PM,  <bloodman <at> gmail.com> wrote:
> Today I searched some files and... my server goes to hell (crash).
>
> replication:
>
> 0. log into root or user account (whatever)
> 1. make a huge empty file (eg. 10 GB of zeros)
> (my is: -rw-r--r-- 1 root root 10485760000 Feb 28 18:14 testfile.out)
> 2. grep -Hi "\/tmp\/" * 2>/dev/null
> 3. crash (probably due to out of memory)

Thanks for the report, but...
What version of grep are you using? The latest (grep-3.0) operates
pretty quickly, and doesn't even use 3MB of RSS:

  $ dd status=none bs=1M count=10000 of=big < /dev/zero && env time
grep -l x big
  3.69user 1.10system 0:04.81elapsed 99%CPU (0avgtext+0avgdata 2388maxresident)k
  0inputs+0outputs (0major+102minor)pagefaults 0swaps
This bug report was last modified 8 years and 56 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.