craig@xxxxxxxxxx wrote:
On Konqueror 3.5.9, what happens is that this childish code builds a huge string, eats memory, causes swapping, and finally blows away Konq. Linux and X and everything else stay up and recover nicely. (Gentoo/AMD64X2/3G mem)
This isn't an exploit -- at least not on Linux -- it's just kiddie stupidity. It doesn't take any particular cleverness to blow memory by dynamically creating bigger and bigger data structures. With virtual memory and 64-bit pointers, when exactly do we return -ENOMEM?
Could you be a bit more specific as to the circumstances of the DOS
exploit and how this could be replicated?
Thank you.