[Bug 1213743] [NEW] subshell that instantly locks up bash, dash, ksh, tcsh, and zsh

B Bobo 1213743 at bugs.launchpad.net
Sun Aug 18 23:54:38 UTC 2013


*** This bug is a security vulnerability ***

Public security bug reported:

Type this at a shell prompt in gnome-terminal:

$ (yes&)
y
y
y
y
y
y
...

Denial of service. Shell becomes totally unresponsive. Subshell command
is uninterruptible.

An old one that affects bash, dash, ksh, tcsh, and zsh shells at least
in all versions in Ubuntu and further back in Ubuntu pre-history too.

Please note the issue is not related to
https://wiki.ubuntu.com/SecurityTeam/Policies#Unlimited_Local_Resource_Utilization

 $ (yes &)
is not a fork bomb or any other kind of resource overutilization. There is only one subshell and only one subprocess being executed in it.

The issue is with buggy signal handling.

** Affects: bash (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: dash (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: ksh (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: tcsh (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: zsh (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

** Also affects: gnubash
   Importance: Undecided
       Status: New

** Project changed: gnubash => ubuntu

** Package changed: ubuntu => bash (Ubuntu)

** Also affects: zsh
   Importance: Undecided
       Status: New

** Project changed: zsh => zsh (Ubuntu)

** Also affects: dash
   Importance: Undecided
       Status: New

** Project changed: dash => dash (Ubuntu)

** Also affects: mksh
   Importance: Undecided
       Status: New

** Project changed: mksh => ksh (Ubuntu)

https://bugs.launchpad.net/bugs/1213743
