Bugtraq mailing list archives
csh denial of service attack
From: pschenk () hpopb1 cern ch (Casper)
Date: Thu, 26 Oct 1995 09:59:50 +0100
I know this is probably a bit lame, but I thought you might all be amused by it. It would be possible to bring your machine to its knees doing this. This works on SGI challenge XL machines running IRIX 5.3 and HP9000/700 machines running HPUX 9.X. On an HP K series running 10.X it seems to be fixed. For some reason the C shell does name globbing in a very strange way. This is not the case for sh, ksh and tcsh. A few stars in the string will make csh loop for a very long time (over 24 hours on a challenge XL), with only kill -9 able to stop it (that is at least documented in the csh man page). Here's the example |I /bin/ksh :-M ***********8 /bin/ksh: ***********8: not found |I /bin/sh $ ************8 ************8: not found |I /bin/csh nodename: **************8 <now there is a csh taking close to 100% of the cpu> So just start of few of these and your loadlevel will go through the roof. The '8' at the end can be any character. csh handles the '******' case without a trailing character correctly. It makes no difference if the string matches a file or not, just that there is a trailing character. Ciao, Casper Paul Schenk | University of California, Riverside Paul.Schenk () cern ch | CERN PPE / OPAL PGP public key available by arrangement "Verbing weirds language" - Calvin
Current thread:
- csh denial of service attack Casper (Oct 26)