| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200706032129.29088.dhazelton@enter.net> Date: Sun, 3 Jun 2007 21:29:28 -0400 From: Daniel Hazelton <dhazelton@...er.net> To: Nix <nix@...eri.org.uk> Cc: Jens Axboe <jens.axboe@...cle.com>, Anand Jahagirdar <anandjigar@...il.com>, security@...nel.org, linux-kernel@...r.kernel.org Subject: Re: Patch related with Fork Bombing Atack On Sunday 03 June 2007 19:01:21 Nix wrote: > On 1 Jun 2007, Jens Axboe told this: > > I think Anand is assuming that because syslog may coalesce identical > > messages into "repeated foo times" in the messages file, that it's not a > > dos. That is of course wrong. > > Not all syslog daemons do that, anyway. (syslog-ng doesn't, for one.) That syslog-ng doesn't coalesce repeated messages into a single line doesn't make a difference. The printk_ratelimit stuff is supposed to make it very hard to DOS a system by flooding syslog, but that doesn't mean its impossible. The point of this discussion was that having a part of the kernel log a message about a fork-bomb was a very large whole that could be used to DOS a system by flooding the syslog. (In fact, IIRC, the printk_ratelimit (and somebody, please correct me if I'm wrong) stuff uses a ring buffer and seriously spamming syslog, like the patch that spawned this thread would have done, could cause you to lose potentially important messages) DRH - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists