[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] bash vulnerability?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] bash vulnerability?
From: starwars <nobody@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 14 Aug 2005 10:21:49 +0200 (CEST)

>
>
> Wernfried Haas wrote:
>
> > assuming you actually meant
> > :(){ :|:& };: (which can be harmful if no limits are set)?

   It should be noted that according to the limits man page, "By default no 
quotas are imposed on 'root'. In fact, there is no way to impose limits via 
this procedure to root-equiv accounts (account with UID 0)."

"ulimit -u 15"

  only works temporarily for that user unless issed in a startup script. "echo 
'* U15' > /etc/limits" 

(as root of course) is a permanent solution (root is still unaffected).

-secjunky 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] XSS www.jg-tc.com
Next by Date: [Full-disclosure] (TOOL ANNOUNCEMENT) Efilter - automatic exception reporting utility
Previous by thread: Re: [Full-disclosure] bash vulnerability?
Next by thread: RE: [Full-disclosure] bash vulnerability?
Index(es):
- Date
- Thread