From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-12630-mason-zsh=primenet.com.au@sunsite.auc.dk>
Received: (qmail 3330 invoked from network); 15 Aug 2000 03:19:36 -0000
Received: from sunsite.auc.dk (130.225.51.30)
  by ns1.primenet.com.au with SMTP; 15 Aug 2000 03:19:36 -0000
Received: (qmail 6308 invoked by alias); 15 Aug 2000 03:19:25 -0000
Mailing-List: contact zsh-workers-help@sunsite.auc.dk; run by ezmlm
Precedence: bulk
X-No-Archive: yes
X-Seq: 12630
Received: (qmail 6299 invoked from network); 15 Aug 2000 03:19:21 -0000
Date: Mon, 14 Aug 2000 22:19:08 -0500
From: Dan Nelson <dnelson@emsphone.com>
To: Jonel Rienton <nelski@jonelrienton.org>
Cc: Bart Schaefer <schaefer@candle.brasslantern.com>,
        zsh-workers@sunsite.auc.dk
Subject: Re: buffer overflow on zsh-3.1.9
Message-ID: <20000814221907.C24766@dan.emsphone.com>
References: <1000814183801.ZM10110@candle.brasslantern.com> <NEBBJKIECKJPJKBDJJOECEGMCBAA.nelski@jonelrienton.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
User-Agent: Mutt/1.3.7i
In-Reply-To: <NEBBJKIECKJPJKBDJJOECEGMCBAA.nelski@jonelrienton.org>; from "Jonel Rienton" on Mon Aug 14 18:13:24 GMT 2000
X-OS: FreeBSD 5.0-CURRENT

In the last episode (Aug 14), Jonel Rienton said:
> doesn't this constitute for a malicious user to bring down your
> system in a multi environment box?

No more than a "for(;;) malloc(1024);" loop or even /bin/sh's
"a=`yes`".  Although having zsh core dump is bad form (sh simply prints
"out of space").  Adjust your shell's resource limits if you're worried
about their memory usage.

-- 
	Dan Nelson
	dnelson@emsphone.com