Bugtraq mailing list archives
Re: local users can panic linux kernel (was: SuSE syslogd advisory)
From: lcamtuf () IDS PL (Michal Zalewski)
Date: Sat, 17 Jul 1999 03:21:57 +0200
On Thu, 18 Nov 1999, Mixter wrote:
The impact of the syslogd Denial Of Service vulnerability seems to be bigger than expected. I found that syslog could not be stopped from responding by one or a few connections, since it uses select() calls to synchronously manage the connections to /dev/log. I made an attempt with the attached test code, which makes about 2000 connects to syslog, using multiple processes, and my system instantly died with the message: 'Kernel panic: can't push onto full stack'
Attack can be easily stopped (as well as lusers' ability to write anything as e.g. kernel to system logs) by doing something like:

    groupadd log; chmod 660 /dev/log; chown root.log /dev/log

then by carefully choosing 'log' group members. Otherwise, something like:

    logger -p 0 -t kernel "I'm hungry"

...will result in:

    Jul 17 03:18:44 nimue kernel: I'm hungry

...in /var/log/messages and on console ;)

But probably it has been discussed many times, just an idea how to fix it without replacing system logger and kernel to add getpeeruid() support.

_______________________________________________________________________
Michal Zalewski [lcamtuf () ids pl] [link / marchew] [dione.ids.pl SYSADM]
[Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};:
[voice phone: +48 22 813 25 86] <=-=> [cellular phone: +48 501 4000 69]
To iterate is human, to recurse divine [P. Deutsch]
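A check for the permission fix described in the reply above, as an added example that is not part of the original post: it audits whether the syslog socket is still writable by every local user. The function names, the expected owner uid 0 and the temporary socket used in demo() are assumptions made for illustration.

```python
import grp
import os
import socket
import stat
import tempfile


def group_label(gid):
    """Group name for gid, or the numeric id if it has no entry."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def audit_log_socket(path="/dev/log", owner_uid=0, group="log"):
    """Return findings for the syslog socket; an empty list means restricted."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a socket"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    # On Linux, connect() to a UNIX socket needs write permission on its file.
    if mode & stat.S_IWOTH:
        findings.append(f"mode {mode:04o}: any local user can write log entries")
    if mode & stat.S_IWGRP and group_label(st.st_gid) != group:
        findings.append(f"group-writable by '{group_label(st.st_gid)}', expected '{group}'")
    if st.st_uid != owner_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {owner_uid}")
    return findings


def demo():
    """Audit a constructed socket before and after the chmod 660 step."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "log")  # constructed stand-in for /dev/log
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as srv:
            srv.bind(path)
            me, grp_name = os.getuid(), group_label(os.stat(path).st_gid)
            os.chmod(path, 0o666)
            before = audit_log_socket(path, me, grp_name)
            os.chmod(path, 0o660)
            after = audit_log_socket(path, me, grp_name)
    return before, after


if __name__ == "__main__":
    for finding in audit_log_socket() or ["/dev/log is restricted as described"]:
        print(finding)
```

Run as a script it audits the real /dev/log against the root.log, mode 660 layout from the reply; demo() shows the same check on a throwaway socket.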