Bugtraq mailing list archives
Re: local users can panic linux kernel (was: SuSE syslogd advisory)
From: saw () MSU RU (Savochkin Andrey Vladimirovich)
Date: Sat, 20 Nov 1999 12:01:26 +0300
Hello,

I don't understand what all the syslogd discussion is about. It's absolutely clear that if you start a daemon without any resource limits being set you risk the whole system if something goes wrong. So if you want to protect the system from local DoS attacks then resource limits for all daemons are mandatory.

Resource limits are necessary and they are almost the only thing that can be done nowadays. It isn't clear to me what can be done to protect the whole system inside syslogd. Does anybody know what SuSE really changed? Their source package isn't very helpful.

On Fri, Nov 19, 1999 at 03:59:00AM +0100, Mixter wrote:
> The impact of the syslogd Denial Of Service vulnerability seems to be bigger than expected. I found that syslog could not be stopped from responding by one or a few connections, since it uses select() calls to synchronously manage the connections to /dev/log. I made an attempt with the attached test code, which makes about 2000 connects to syslog, using multiple processes, and my system instantly died with the message: 'Kernel panic: can't push onto full stack'

The kernel panic is a completely different issue. You can reproduce it without syslogd by your own program. So that is the real problem that should be fixed.

> I've been able to reproduce this as non-root user, although it had to be done two times to overcome the stronger user resource limits, but it worked. This has been tested with linux 2.0.38+syslog1.3 (redhat 5.2).

Best regards
Andrey V. Savochkin
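
The message above argues for starting every daemon under resource limits. The following is an added example, not part of the original post or of any syslogd package: a small launcher that caps open descriptors before exec, plus a self-check showing the kernel refusing further opens with EMFILE once the cap is reached. The function names and the cap values (32 and 64) are assumptions; the post names no specific limits, and RLIMIT_NOFILE is only one of the limits a launcher would set.

```c
/* Added example: cap a daemon's descriptors before exec. Cap values are constructed. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Lower soft and hard limit together so the process cannot raise it again. */
static int cap_limit(int resource, rlim_t value)
{
    struct rlimit rl = { .rlim_cur = value, .rlim_max = value };
    return setrlimit(resource, &rl);
}

/* Child side: apply the cap, then open descriptors until the kernel refuses.
 * Each descriptor stands in for one accepted client connection.
 * Returns the number opened, or -1 if the refusal was not EMFILE. */
static int fds_until_refused(rlim_t nofile_cap)
{
    int n = 0;
    if (cap_limit(RLIMIT_NOFILE, nofile_cap) != 0)
        return -1;
    while (open("/dev/null", O_RDONLY) >= 0)
        n++;
    return errno == EMFILE ? n : -1;
}

/* Fork so the caller's own limits stay untouched; count comes back as exit status. */
int measure_capped_child(rlim_t nofile_cap)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int n = fds_until_refused(nofile_cap);
        _exit(n < 0 || n > 254 ? 255 : n);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    if (argc < 2) { printf("cap 32 -> %d opens\n", measure_capped_child(32)); return 0; }
    /* Launcher mode (hypothetical usage): ./limitwrap /path/to/daemon args... */
    if (cap_limit(RLIMIT_NOFILE, 64) != 0) { perror("setrlimit"); return 1; }
    execv(argv[1], &argv[1]);
    perror("execv");
    return 127;
}
```

The limit survives exec, so the daemon inherits it; a flood of connections then exhausts the daemon's own descriptor budget instead of system-wide tables.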