Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Fwd: Any user can panic OpenBSD machine

From: mej () tcserv com (Michael Jennings)
Date: Tue, 28 Jul 1998 14:55:36 -0400

On Tuesday, 28 July 1998, at 12:21:55 (-0600),
Theo de Raadt <deraadt () cvs openbsd org> wrote:


But those are

      REMOTE ATTACKS.


True, but the point remains.  Despite the fact that *BSD and Linux
are more often used on single-user workstations than large servers,
both OS's are gaining acceptance in the latter arena.  As such, it
is wise to be aware of methods for local users to Do Bad Things (tm).

If a single user on a 500-user system can crash the machine by
running a simple program, even without getting root, the sysadmin is
likely to have 499 royally-annoyed users wanting answers, and he'd
best have some to give if he likes his job.


Surely you can tell the difference between a remote attack and a local
attack.


Of course.  But local exploits are still exploits, except in the case
of single-user-login systems, which I believe the free *NIXes moving
away from.


Ob-BUGTRAQ-Posting:

If you are logged into an NT box, you can type CTRL-ALT-DEL and take
the system down.


Ok, so NT is a bad example.  :-)  Such a post WRT Linux would be
equally stupid.  However, we're talking about stuff *local users* can
do, not just someone who has access to the console.

Michael

--
 "I've been looking for a Savior in these dirty streets,
  Looking for a Savior beneath these dirty sheets."
                                               -- Tori Amos, "Crucify"
=======================================================================
Michael Jennings        http://www.tcserv.com/         <mej () tcserv com>
Senior Systems Engineer, Synectics, Inc.      http://www.synectics.com/
Previous By Date Next
Previous By Thread Next

Current thread: