bug#37864: bug: env exec bomb (no hash bang arg)

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#37864: bug: env exec bomb (no hash bang arg)

From:	Pádraig Brady
Subject:	bug#37864: bug: env exec bomb (no hash bang arg)
Date:	Tue, 22 Oct 2019 11:41:56 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Thunderbird/70.0

On 22/10/2019 03:13, Michael Coleman via GNU coreutils Bug Reports wrote:

One of my users unwittingly stumbled upon the most delightful 'env' bug.  It 
seems to be present in a couple of pretty recent distributions.

Try this:

----------------------------
#!/usr/bin/env
whatever
----------------------------

This results in an endless 'execve' recursion (if that's the word), pegging the 
CPU.

The preferred behavior would be something like a diagnostic, followed by 
immediate exit with an error result.


Well env is being passed the script name again as an option by the kernel,
and is just executing that. There is no portable way I can see for env
to distinguish this case. I'm not sure it's such an important issue TBH.

cheers,
Pádraig

[Prev in Thread]

Current Thread

[Next in Thread]

bug#37864: bug: env exec bomb (no hash bang arg), Michael Coleman, 2019/10/22
- bug#37864: bug: env exec bomb (no hash bang arg), Pádraig Brady <=

Prev by Date: bug#37864: bug: env exec bomb (no hash bang arg)
Next by Date: bug#37877: Fix 'shuf -n 0x' and similar problems
Previous by thread: bug#37864: bug: env exec bomb (no hash bang arg)
Next by thread: bug#37877: Fix 'shuf -n 0x' and similar problems
Index(es):
- Date
- Thread