reassign 505718 chkrootkit
severity 505718 normal
retitle  505718 Please limit grep output, can cause automatic DOS.
thanks

Hello,

While checking e.g. for a PHP-based rootkit, the invocation of grep does
not limit the amount of output returned, for example in:

    fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | grep php 2> /dev/null`"

I had a 2Gb swap file in /tmp and grep kept the current "line" in
memory waiting to see if it would match 'php'. For some reason this
swap file was composed of very long "lines", and my machine was
unreasonably slow because of this grep. Generally speaking, grep's
behaviour here is correct because it needs to store all of the current
line to be able to display it if it matches, but some sort of output
limitation should be used by chkrootkit to avoid a local DOS by the
cron job.

Regards,

Laurent.
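
Added example (not part of the original report and not chkrootkit's own code): one way to bound the check described above, by capping the bytes read from each file before grep sees them. The names MAX_HEAD_BYTES, bounded_first_line and php_head_files are hypothetical, `head -c` (GNU/BSD, not strict POSIX) is assumed to be available, and unlike the quoted line this sketch reports matching paths rather than the matching first lines.

```shell
#!/bin/sh
# Cap on bytes inspected per file (assumed value, not a chkrootkit setting).
MAX_HEAD_BYTES=${MAX_HEAD_BYTES:-512}

# Print the first line of "$1", truncated to MAX_HEAD_BYTES.
# head -c stops reading at the cap, so a multi-gigabyte file without any
# newline costs one small read instead of one huge in-memory "line".
bounded_first_line() {
    head -c "$MAX_HEAD_BYTES" -- "$1" 2>/dev/null | head -n 1
}

# Print the path of every regular file under the given directories whose
# bounded first line contains "php". Paths are passed as arguments to the
# inner shell, so unusual file names are handled safely.
php_head_files() {
    find "$@" -type f -exec sh -c '
        max=$1; shift
        for f in "$@"; do
            if head -c "$max" -- "$f" 2>/dev/null | head -n 1 |
               LC_ALL=C grep -q php; then
                printf "%s\n" "$f"
            fi
        done' sh "$MAX_HEAD_BYTES" {} + 2>/dev/null
}
```

grep now holds at most MAX_HEAD_BYTES per file, whatever the file's size or line structure.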


