sec(interpreter): DEBUG trap fires before every simple command with no separate command budget #1170

@chaliy

Description

Summary

The DEBUG trap handler fires before every simple command execution and runs through the normal command execution path. While it does count against the global command limit, a carefully crafted DEBUG trap can amplify resource usage because it executes additional commands for every single command in the script. Combined with the trap handler's ability to modify shell state, this creates an amplification vector.

Threat category: TM-DOS (Denial of Service) — extends existing category
Severity: Low
Component: `crates/bashkit/src/interpreter/mod.rs`, `run_debug_trap()`

Root Cause

```rust
async fn execute_simple_command(&mut self, ...) -> Result<ExecResult> {
    // The DEBUG trap body is executed before every simple command
    let (_debug_stdout, _debug_stderr) = self.run_debug_trap().await;
    // ... then execute the actual command
}
```

The DEBUG trap runs `execute_command_sequence` which goes through the normal execution flow. However:

  1. The trap itself can contain multiple commands (pipelines, loops, etc.)
  2. Each command in the trap fires its own DEBUG trap (recursion is only prevented by the command limit)
  3. There is no separate budget for trap execution vs. script execution

Steps to Reproduce

```bash
# Each echo triggers the DEBUG trap, which runs 10 commands
# Total: 100 * 10 = 1000 effective commands for 100 echoes
trap 'a=1; b=2; c=3; d=4; e=5; f=6; g=7; h=8; i=9; j=10' DEBUG
for i in $(seq 1 100); do echo $i; done
```

Impact

  • Command limit amplification: A script with N commands and a DEBUG trap with M commands effectively runs N*M commands
  • CPU exhaustion: Complex DEBUG traps multiply execution time
  • The trap itself triggers more trap calls: Though bounded by the global limit, this is still an amplification pattern

Acceptance Criteria

  • Consider adding a `max_trap_commands` limit separate from the main command budget
  • Or: suppress DEBUG trap invocation inside trap handlers (prevent recursive amplification)
  • Add test: DEBUG trap with multiple commands doesn't bypass command limits
  • Document the amplification behavior in threat model
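The following is an added model of the accounting this issue describes, not bashkit code: a toy budget that counts every simple command, fires the DEBUG trap before each one, and optionally applies the two mitigations proposed above (a separate trap budget and suppression of DEBUG inside trap bodies). The type and function names (`CommandBudget`, `run_script`, `Limit`) and the limits used are invented for the illustration.

```rust
// Added model (not bashkit code) of DEBUG-trap command accounting.
// Names and limits here are assumptions made for the example.

#[derive(Debug, PartialEq)]
pub enum Limit {
    Command, // global command limit exceeded (what bashkit enforces today)
    Trap,    // proposed separate max_trap_commands budget exceeded
}

pub struct CommandBudget {
    max_commands: usize,      // global limit, charged for every simple command
    max_trap_commands: usize, // proposed: ceiling on commands run from trap bodies
    suppress_nested: bool,    // proposed: do not fire DEBUG for commands inside a trap body
    commands: usize,
    trap_commands: usize,
    in_trap: bool,
}

impl CommandBudget {
    pub fn new(max_commands: usize, max_trap_commands: usize, suppress_nested: bool) -> Self {
        Self { max_commands, max_trap_commands, suppress_nested, commands: 0, trap_commands: 0, in_trap: false }
    }

    /// Model of execute_simple_command: charge the budget, fire DEBUG, then "run" the command.
    /// `trap_len` is the number of simple commands in the DEBUG trap body (0 = no trap set).
    fn simple_command(&mut self, trap_len: usize) -> Result<(), Limit> {
        self.commands += 1;
        if self.commands > self.max_commands {
            return Err(Limit::Command);
        }
        if self.in_trap {
            self.trap_commands += 1;
            if self.trap_commands > self.max_trap_commands {
                return Err(Limit::Trap);
            }
        }
        // Without suppression, each command in the trap body fires DEBUG again, so the
        // trap recurses into itself until a limit stops it: the amplification pattern.
        if trap_len > 0 && !(self.suppress_nested && self.in_trap) {
            let outer = self.in_trap;
            self.in_trap = true;
            let result = (0..trap_len).try_for_each(|_| self.simple_command(trap_len));
            self.in_trap = outer;
            result?;
        }
        Ok(())
    }

    /// Run `script_len` simple commands under the trap; returns the total commands executed.
    pub fn run_script(&mut self, script_len: usize, trap_len: usize) -> Result<usize, Limit> {
        (0..script_len).try_for_each(|_| self.simple_command(trap_len))?;
        Ok(self.commands)
    }
}
```

With suppression on and no trap budget, the 100-echo script from the reproduction executes 100 echoes plus 100 * 10 trap commands; with suppression off, the trap re-enters itself and exhausts the global limit before the first echo runs.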
