GNU bug report logs - #37864
bug: env exec bomb (no hash bang arg)

Reported by: Michael Coleman <michael.karl.coleman <at> protonmail.com>

Date: Tue, 22 Oct 2019 04:48:02 UTC

Severity: normal

View this message in rfc822 format

From: Pádraig Brady <P <at> draigBrady.com>
To: Michael Coleman <michael.karl.coleman <at> protonmail.com>, 37864 <at> debbugs.gnu.org
Subject: bug#37864: bug: env exec bomb (no hash bang arg)
Date: Tue, 22 Oct 2019 11:41:56 +0100

On 22/10/2019 03:13, Michael Coleman via GNU coreutils Bug Reports wrote:
> One of my users unwittingly stumbled upon the most delightful 'env' bug.  It seems to be present in a couple of pretty recent distributions.
> 
> Try this:
> 
> ----------------------------
> #!/usr/bin/env
> whatever
> ----------------------------
> 
> This results in an endless 'execve' recursion (if that's the word), pegging the CPU.
> 
> The preferred behavior would be something like a diagnostic, followed by immediate exit with an error result.

Well env is being passed the script name again as an option by the kernel,
and is just executing that. There is no portable way I can see for env
to distinguish this case. I'm not sure it's such an important issue TBH.

cheers,
Pádraig

This bug report was last modified 5 years and 242 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #37864 bug: env exec bomb (no hash bang arg)

GNU bug report logs - #37864
bug: env exec bomb (no hash bang arg)