lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <473E9290.3040006@minimum.se>
Date:	Fri, 16 Nov 2007 23:04:48 -0800
From:	Martin Olsson <mnemo@...imum.se>
To:	Alan Cox <alan@...rguk.ukuu.org.uk>
CC:	linux-kernel@...r.kernel.org,
	Ubuntu Devel Discuss <ubuntu-devel-discuss@...ts.ubuntu.com>
Subject: Re: Is it possible to give the user the option to cancel forkbombs?

Sorry about that, I checked the "has security impact" checkbox and that 
marked it as private by default. This is a very well known problem 
though so keeping secret certainly does not make sense. I have manually 
removed the "private" flag now.

The content of the bug report was as follows:
---------------------------------------------

Repro steps:

1. Install gutsy gibbon (or probably any ubuntu)
2. Start a gnome terminal
3. Run this command:

    :(){ :|:& };:

4. Ubuntu starts to work furiously, after less than a second terminal 
gets flooded with "low resources" message, and within a few seconds the 
whole machine breaks down complete to the point where no a single pixel 
is updated and the mouse cannot be moved at all. It's not possible to 
escape to a ALT-Fn console terminal and CTRL-ALT-DEL does not work.

Okay, so this is not as bad as winnuke.exe because it's not remote but I 
just did it on my shared hosting co and their server went down. And I 
mean seriously, there should be a way for a user to abort stuff that 
hogs resources this type of complete breakdown is NEVER acceptible. I 
had to power of the machine and my file system got royally screwed (long 
fsck etc).

Some of you might say this is like the oldest trick in the book, yada 
yada yada...


		Martin



Alan Cox wrote:
> On Fri, 16 Nov 2007 21:51:27 -0800
> Martin Olsson <mnemo@...imum.se> wrote:
> 
>> Dear kernel hackers,
>>
>> This is a message from below 0x7FFFFFFF. Please look at this bug (it's 
>> not a new concept but still):
>> https://bugs.launchpad.net/ubuntu/+bug/163185
> 
> It seems to want people to register to view it. I guess Ubuntu should fix
> launchpad then we can see the bug report
> 
> Alan
> -

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ