Re: Local DoS : RedHat 6.0

[3APA3A () SECURITY NNOV RU (3APA3A)]

Hello Tymm Twillman,

I know about

 kill -9 -1

problem  is  not  in  kill, kill behaves itself as it should, but in X
reaction  to  kill. Someone can hang console by starting and killing X
server.

It's  not  a  big  problem - just another one of this kind in X Window
without  X  authentication.  But  it's  more  dangerous  then  running
password protected screensaver on another user's screen :)

28.05.00 21:01, you wrote: Local DoS : RedHat 6.0;

T> -1 as a process ID argument to kill is handled by SVR4 and 4.3+BSD by
T> sending the signal to all processes whose real UID or saved UID is the
T> real or effective UID of the process sending the signal (except the signal
T> sender if under 4.3+BSD). So what you're actually doing is just killing
T> all of your processes.  You could just as well whack them all by hand.  If
T> you're root it'll hit about everything on the system.  (see W. Richard
T> Stevens "Advanced Programming in the Unix Environment" under "kill and
T> raise functions", p. 283-4 for more info on this).  It is standard
T> behavior, and not a bug.  You still can't kill others' processes.