2015-07-22 5:19 GMT+02:00 Rich Felker <dal...@libc.org>:
On Sun, Jul 19, 2015 at 11:07:13PM +0200, Denys Vlasenko wrote:
I would rather keep it.

What is the "most horrible" thing which can happen here?

Arbitrary code execution due to stack overflow. Does this really need
a PoC? alloca is _always_ unsafe unless the argument is bounded and
tiny.

It would be interesting to know if ash ever automatically runs its tokenizer over environment variables.

If the tokenizer can only run on the command stream then there's not much to be gained from overflowing the stack since anyone who can inject an evil token into the command stream already has shell access.


Daniel.