GNU logs - #37864, boring messages


Message sent to bug-coreutils@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#37864: bug: env exec bomb (no hash bang arg)
Resent-From: Michael Coleman <michael.karl.coleman@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-coreutils@HIDDEN
Resent-Date: Tue, 22 Oct 2019 04:48:02 +0000
Resent-Message-ID: <handler.37864.B.15717196767427 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 37864
X-GNU-PR-Package: coreutils
X-GNU-PR-Keywords: 
To: 37864 <at> debbugs.gnu.org
X-Debbugs-Original-To: "bug-coreutils@HIDDEN" <bug-coreutils@HIDDEN>
Reply-To: Michael Coleman <michael.karl.coleman@HIDDEN>
Received: via spool by submit <at> debbugs.gnu.org id=B.15717196767427
          (code B ref -1); Tue, 22 Oct 2019 04:48:02 +0000
Received: (at submit) by debbugs.gnu.org; 22 Oct 2019 04:47:56 +0000
Received: from localhost ([127.0.0.1]:58160 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1iMm5M-0001vi-4d
	for submit <at> debbugs.gnu.org; Tue, 22 Oct 2019 00:47:56 -0400
Received: from lists.gnu.org ([209.51.188.17]:37036)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <michael.karl.coleman@HIDDEN>)
 id 1iMjfs-0006MF-AK
 for submit <at> debbugs.gnu.org; Mon, 21 Oct 2019 22:13:28 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:42117)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <michael.karl.coleman@HIDDEN>)
 id 1iMjfr-0000dU-84
 for bug-coreutils@HIDDEN; Mon, 21 Oct 2019 22:13:28 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: ****
X-Spam-Status: No, score=4.4 required=5.0 tests=AC_FROM_MANY_DOTS,BAYES_50,
 FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPOOFED_FREEMAIL,URIBL_BLOCKED
 autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <michael.karl.coleman@HIDDEN>)
 id 1iMjfp-0005hx-NP
 for bug-coreutils@HIDDEN; Mon, 21 Oct 2019 22:13:26 -0400
Received: from mail2.protonmail.ch ([185.70.40.22]:60424)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <michael.karl.coleman@HIDDEN>)
 id 1iMjfp-0005hH-GJ
 for bug-coreutils@HIDDEN; Mon, 21 Oct 2019 22:13:25 -0400
Date: Tue, 22 Oct 2019 02:13:13 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=default; t=1571710401;
 bh=Upp8nF22A7UhBu9ntnlByYaHjyrcDZX+ebG9uT0jTPs=;
 h=Date:To:From:Reply-To:Subject:Feedback-ID:From;
 b=WqZdXIFAgVo9JUbCwzwrEHsk1YEpcTmawWz4f/8D/ScS1NdQN7+/Nvsn8PwkrG6dT
 zBYeEoz7/BYF37YwHL8A0miA2jVJlduExj9ycZy+St+eyjiBPPwsVbYlkE5Hp/dg2V
 UB/XpFh4QTfgkU/80bGo60DT51FsdM0T96NLlSKo=
From: Michael Coleman <michael.karl.coleman@HIDDEN>
Message-ID: <17bClHZId-5_cZF9E-FZDRYXmGPkuZzfhzK4fHuB2PDuSmwYl0QJRx3G8omcoGrdYt0aP1m1zcyT2vT-aovh43kZZ5IjlQj2geVB4r59puM=@protonmail.com>
Feedback-ID: XX9hSSocx1U34xjIhJpxwcNSMDF9qc5KyHXxO3XCrntOXhtds2oDxXpapF4Nn_efTPbd2lkSYC2L7qrjRIv9aQ==:Ext:ProtonMail
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="b1_85cf60dbd0638572be671de6246784a9"
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
 [fuzzy]
X-Received-From: 185.70.40.22
X-Spam-Score: 1.7 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: One of my users unwittingly stumbled upon the most delightful
 'env' bug. It seems to be present in a couple of pretty recent distributions.
 Try this: #!/usr/bin/env whatever 
 Content analysis details:   (1.7 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
 blocked.  See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
 for more information. [URIs: protonmail.com]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (michael.karl.coleman[at]protonmail.com)
 1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
 0.0 HTML_MESSAGE           BODY: HTML included in message
 -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at https://www.dnswl.org/,
 medium trust [209.51.188.17 listed in list.dnswl.org]
 1.0 BOMB_FREEM             Bomb + freemail
 2.0 SPOOFED_FREEMAIL       No description available.
X-Mailman-Approved-At: Tue, 22 Oct 2019 00:47:55 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.3 (-)

This is a multi-part message in MIME format.

--b1_85cf60dbd0638572be671de6246784a9
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64


--b1_85cf60dbd0638572be671de6246784a9
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: base64



--b1_85cf60dbd0638572be671de6246784a9--





Message sent:


Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: Michael Coleman <michael.karl.coleman@HIDDEN>
Subject: bug#37864: Acknowledgement (bug: env exec bomb (no hash bang arg))
Message-ID: <handler.37864.B.15717196767427.ack <at> debbugs.gnu.org>
References: <17bClHZId-5_cZF9E-FZDRYXmGPkuZzfhzK4fHuB2PDuSmwYl0QJRx3G8omcoGrdYt0aP1m1zcyT2vT-aovh43kZZ5IjlQj2geVB4r59puM=@protonmail.com>
X-Gnu-PR-Message: ack 37864
X-Gnu-PR-Package: coreutils
Reply-To: 37864 <at> debbugs.gnu.org
Date: Tue, 22 Oct 2019 04:48:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 bug-coreutils@HIDDEN

If you wish to submit further information on this problem, please
send it to 37864 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

--=20
37864: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D37864
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems


Message sent to bug-coreutils@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#37864: bug: env exec bomb (no hash bang arg)
Resent-From: =?UTF-8?Q?P=C3=A1draig?= Brady <P@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-coreutils@HIDDEN
Resent-Date: Tue, 22 Oct 2019 10:43:01 +0000
Resent-Message-ID: <handler.37864.B37864.157174092129115 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 37864
X-GNU-PR-Package: coreutils
X-GNU-PR-Keywords: 
To: Michael Coleman <michael.karl.coleman@HIDDEN>, 37864 <at> debbugs.gnu.org
Received: via spool by 37864-submit <at> debbugs.gnu.org id=B37864.157174092129115
          (code B ref 37864); Tue, 22 Oct 2019 10:43:01 +0000
Received: (at 37864) by debbugs.gnu.org; 22 Oct 2019 10:42:01 +0000
Received: from localhost ([127.0.0.1]:58270 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1iMrc1-0007ZT-Dt
	for submit <at> debbugs.gnu.org; Tue, 22 Oct 2019 06:42:01 -0400
Received: from mail.magicbluesmoke.com ([82.195.144.49]:36714)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <P@HIDDEN>) id 1iMrbz-0007ZG-5f
 for 37864 <at> debbugs.gnu.org; Tue, 22 Oct 2019 06:41:59 -0400
Received: from localhost.localdomain
 (86-42-14-227-dynamic.agg2.lod.rsl-rtd.eircom.net [86.42.14.227])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.magicbluesmoke.com (Postfix) with ESMTPSA id 51DDBB6A7;
 Tue, 22 Oct 2019 11:41:57 +0100 (IST)
References: <17bClHZId-5_cZF9E-FZDRYXmGPkuZzfhzK4fHuB2PDuSmwYl0QJRx3G8omcoGrdYt0aP1m1zcyT2vT-aovh43kZZ5IjlQj2geVB4r59puM=@protonmail.com>
From: =?UTF-8?Q?P=C3=A1draig?= Brady <P@HIDDEN>
Message-ID: <8fc4104a-3365-2dda-0751-7f3c033279b8@HIDDEN>
Date: Tue, 22 Oct 2019 11:41:56 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101
 Thunderbird/70.0
MIME-Version: 1.0
In-Reply-To: <17bClHZId-5_cZF9E-FZDRYXmGPkuZzfhzK4fHuB2PDuSmwYl0QJRx3G8omcoGrdYt0aP1m1zcyT2vT-aovh43kZZ5IjlQj2geVB4r59puM=@protonmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On 22/10/2019 03:13, Michael Coleman via GNU coreutils Bug Reports wrote:
> One of my users unwittingly stumbled upon the most delightful 'env' bug.  It seems to be present in a couple of pretty recent distributions.
> 
> Try this:
> 
> ----------------------------
> #!/usr/bin/env
> whatever
> ----------------------------
> 
> This results in an endless 'execve' recursion (if that's the word), pegging the CPU.
> 
> The preferred behavior would be something like a diagnostic, followed by immediate exit with an error result.

Well env is being passed the script name again as an option by the kernel,
and is just executing that. There is no portable way I can see for env
to distinguish this case. I'm not sure it's such an important issue TBH.

cheers,
Pádraig
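
An added illustration, not part of the thread and not coreutils code: a small Python model of the argv the Linux kernel builds from a `#!` line, used to flag scripts where `env` would be handed the script itself as the command to run. The function names are hypothetical, the sample lines are constructed, and the `NAME=VALUE` case generalizes beyond the reported one on the assumption that env treats an operand containing `=` as an assignment.

```python
import os
import re

# Linux binfmt_script rule: "#!", optional blanks, interpreter path, optional
# blanks, then the rest of the line as at most ONE argument.
_SHEBANG = re.compile(r"#![ \t]*([^ \t\n]*)[ \t]*([^\n]*)")


def kernel_argv(script_path, first_line):
    """Return the argv the kernel passes to the interpreter, or None."""
    m = _SHEBANG.match(first_line)
    if not m or not m.group(1):
        return None  # no "#!" or no interpreter: not handled as a script
    interp, arg = m.group(1), m.group(2).rstrip(" \t")
    # The script path is always appended after the optional single argument.
    return [interp] + ([arg] if arg else []) + [script_path]


def env_reexecs_script(script_path, first_line):
    """True if env's command operand would be the script itself."""
    argv = kernel_argv(script_path, first_line)
    if argv is None or os.path.basename(argv[0]) != "env":
        return False
    operands = argv[1:]
    if operands[0].startswith("-"):
        return False  # env options (-i, -S, ...) are not modelled here
    # Assumed env behaviour: leading NAME=VALUE operands are assignments,
    # the first remaining operand is the command to execute.
    while operands and "=" in operands[0]:
        operands.pop(0)
    return bool(operands) and operands[0] == script_path


if __name__ == "__main__":
    # Constructed first lines, including the one from the report.
    samples = [
        "#!/usr/bin/env\n",
        "#!/usr/bin/env python3\n",
        "#!/usr/bin/env FOO=bar\n",
        "#!/bin/sh\n",
    ]
    for line in samples:
        flagged = env_reexecs_script("./job.sh", line)
        print(repr(line), kernel_argv("./job.sh", line), "LOOP" if flagged else "ok")
```

Run over the first line of each executable in a tree, this gives a pre-deployment check for the case in the report.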





Last modified: Mon, 25 Nov 2019 12:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.