lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031030220723.GB66173@netpublishing.com>
From: ggilliss at netpublishing.com (Gregory A. Gilliss)
Subject: Shortcut...... may cause 100% cpu use!!!

Okay, I've enjoyed about as much of this as I can stand >-)

Here's a new vulnerability: filtering out annoying peoples' postings
on mailing lists. For purposes of example, we'll use FD and Bipin.
(BTW, I did not come up with this, I'm just relaying it for educational
purposes only etc):

Let's say that I have concluded that any post from Bipin is a waste of
bandwidth. The following course of action keeps the bandwidth wasters' 
postings to FD from showing up in my inbox:                                

1) install procmail (if you don't already use it)
2) touch ~/.procmailrc (see above)
3) include the following procmail rule in ~/.procmailrc:

:0
* ^X-BeenThere: .*full-disclosure@...ts\.netsys\.com
* ? formail -x"From:" -x"From" -x"Sender:" | egrep -is -f $HOME/.mutt/blacklist.
fd
/dev/null

(the "* ? formail -x ..." line is all one line)
($HOME/.mutt/blacklist.fd can be whatever file you choose)
(don't put blank lines in the file otherwise *all* posts will be trashed)

4) echo visitbipin@...oo.com >> $HOME/.mutt/blacklist.fd
5) echo door_hUNT3R@...ckcodemail.com >> $HOME/.mutt/blacklist.fd
6) echo any other email addresses that he uses to post to FD >> ...
7) no more bipen

This will work for any user on FD, as well as for other lists. However
since FD is not moderated (and is better off that way, IMHO), the only
course of action for posters that annoy and waste bandwidth (and yes, I
realize that I'm leaving myself open to criticism here, so be it) is to
filter out their noise.

As a side effect, I still get to see the replies to the filtered person's
ludicrous postings >-)

G

On or about 2003.10.30 10:19:55 +0000, madsaxon (madsaxon@...ecway.com) said:

> At 07:37 AM 10/30/03 -0800, Bipin Gautam wrote:
> >BUT THE POINT HERE IS....... THE SHORTCUT IS POINTING TO ITSELF  WHICH 
> >WILL EVENTUALLY LEAD TO A DOS!!!
> 
> It seems to me that what you've discovered is that infinite loops are 
> resource hogs. I wouldn't call this a vulnerability so much as a computer
> science 101 revelation.  Interesting from a theoretical perspective,
> perhaps, but not really worthy of a lot of discussion here. If someone
> is able to plant a self-referencing shortcut on your desktop, you have,
> as they say, larger fish to fry.

-- 
Gregory A. Gilliss, CISSP                             Telephone: 1 650 872 2420
Computer Engineering                                   E-mail: greg@...liss.com
Computer Security                                                ICQ: 123710561
Software Development                          WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ