GNU bug report logs - #37864
bug: env exec bomb (no hash bang arg)

Previous Next

Package: coreutils;

Reported by: Michael Coleman <michael.karl.coleman <at> protonmail.com>

Date: Tue, 22 Oct 2019 04:48:02 UTC

Severity: normal

To reply to this bug, email your comments to 37864 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-coreutils <at> gnu.org:
bug#37864; Package coreutils. (Tue, 22 Oct 2019 04:48:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Michael Coleman <michael.karl.coleman <at> protonmail.com>:
New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Tue, 22 Oct 2019 04:48:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Michael Coleman <michael.karl.coleman <at> protonmail.com>
To: "bug-coreutils <at> gnu.org" <bug-coreutils <at> gnu.org>
Subject: bug: env exec bomb (no hash bang arg)
Date: Tue, 22 Oct 2019 02:13:13 +0000

[Message part 1 (text/plain, inline)]
One of my users unwittingly stumbled upon the most delightful 'env' bug.  It seems to be present in a couple of pretty recent distributions.

Try this:

----------------------------
#!/usr/bin/env
whatever
----------------------------

This results in an endless 'execve' recursion (if that's the word), pegging the CPU.

The preferred behavior would be something like a diagnostic, followed by immediate exit with an error result.

Regards,
Mike
[Message part 2 (text/html, inline)]
Information forwarded to bug-coreutils <at> gnu.org:
bug#37864; Package coreutils. (Tue, 22 Oct 2019 10:43:01 GMT) Full text and rfc822 format available.

Message #8 received at 37864 <at> debbugs.gnu.org (full text, mbox):

From: Pádraig Brady <P <at> draigBrady.com>
To: Michael Coleman <michael.karl.coleman <at> protonmail.com>,
 37864 <at> debbugs.gnu.org
Subject: Re: bug#37864: bug: env exec bomb (no hash bang arg)
Date: Tue, 22 Oct 2019 11:41:56 +0100

On 22/10/2019 03:13, Michael Coleman via GNU coreutils Bug Reports wrote:
> One of my users unwittingly stumbled upon the most delightful 'env' bug.  It seems to be present in a couple of pretty recent distributions.
> 
> Try this:
> 
> ----------------------------
> #!/usr/bin/env
> whatever
> ----------------------------
> 
> This results in an endless 'execve' recursion (if that's the word), pegging the CPU.
> 
> The preferred behavior would be something like a diagnostic, followed by immediate exit with an error result.

Well env is being passed the script name again as an option by the kernel,
and is just executing that. There is no portable way I can see for env
to distinguish this case. I'm not sure it's such an important issue TBH.

cheers,
Pádraig
This bug report was last modified 5 years and 242 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.