Bugtraq mailing list archives
Re: DoS attack: apache (& other) .htaccess Authentication
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Fri, 16 Jan 1998 10:00:06 +0100
perhaps you should stat the file and make sure its a normal file? There may be other device files which cause problems by virtue of having lots of data, or by blocking for long periods of time. For example a blocking read on a dialup device that waits for carrier sense on a modem. Is there any reason to allow device files to be read from the config?
Open the file non blocking and then fstat() it will do away with the race condition. (Some devices block on open, like dial-in ports)
This may not stop all possible attacks. Normal files might be used to indefinitely block the daemon. For example some systems allow regular users to make NFS mounts. In this case an NFS server can be brought up, mounted, then brought down. The httpd reading an nfs mounted file would then block for a long period of time while NFS times out. The same result can be achieved by performing a denial of service attack against an already existing NFS mount.
Or if you use a default /net automount on Solaris, just open "/net/far-a-field" Seems like a problem that's hard to generally fix, other than making sure noone gets to write .htaccess files.
Are there other ways to cause long blocking times when reading normal files? Do any common unix systems have mandatory file locking?
Yep, that's a way too; most SVR4 derived systems have it, I think. Solaris certainly has it. Casper
Current thread:
- Correction: CPSN 9:971208: Solaris /var Permission Problems MATTHEW POTTER (Jan 13)
- Xserver stack smashed Pavel Kankovsky (Jan 13)
- Re: Xserver stack smashed M Shariful Anam (Jan 14)
- DoS attack: apache (& other) .htaccess Authentication jan () WEDEKIND DE (Jan 14)
- Re: DoS attack: apache (& other) .htaccess Authentication Marc Slemko (Jan 14)
- Re: DoS attack: apache (& other) .htaccess Authentication Tim Newsham (Jan 15)
- Re: DoS attack: apache (& other) .htaccess Authentication Dustin Sallings (Jan 15)
- Re: DoS attack: apache (& other) .htaccess Authentication Casper Dik (Jan 16)
- pbomb'ing SSH on a FreeBSD box. Jeff Johnson (Jan 15)
- Re: pbomb'ing SSH on a FreeBSD box. FrontLine Assembly (Jan 17)
- Re: DoS attack: apache (& other) .htaccess Authentication Dean Gaudet (Jan 16)
- Re: GCC 2.7.? /tmp files dichro-bugtraq () RCPT TO (Jan 17)
- Re: GCC 2.7.? /tmp files Zack Weinberg (Jan 18)
- Re: GCC 2.7.? /tmp files John Gotts (Jan 19)
- CERT Vendor-Initiated Bulletin VB-98.01 - excite Aleph One (Jan 19)
- Xserver stack smashed Pavel Kankovsky (Jan 13)
- GCC 2.7.? /tmp files Micha? Zalewski (Jan 15)
- Re: GCC 2.7.? /tmp files Niels Bakker (Jan 16)
- pnserver exploit.. Aleph One (Jan 15)