lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Nov 2007 17:34:24 -0600 From: Robert Hancock <hancockr@...w.ca> To: devzero@....de Cc: linux-kernel@...r.kernel.org Subject: Re: System reboot triggered by just reading a device file....!? devzero@....de wrote: > good evening, > > i stumbled over some funny issue when trying windirstat (like KDirStat) with wine. > > after running that tool for a while my system rebooted. i could reproduce this with every run. > > after some deep investigation (i thought i had stability issues with my system and spent more than an hour on this) i found out, that the reboot is being triggered by iTCO_wdt ( /dev/watchdog ) > > this is how to reproduce: > > - be root > - cat /dev/watchdog or dd if=/dev/watchdog of=/dev/zero bs=1 count=1 or ..... > - wait one minute........ > > *reboot*! > > i have heard 2 opinions for now (contacted the author and also discussed on wine-devel ) that this should be expected behaviour. Yes, it is. It's a watchdog device, it's meant to reboot the machine if whatever task is poking the watchdog dies. > being sysadmin quite a while, i cannot believe that (accidentally) reading a device file (being root or not - what does that matter) triggers a system reboot. > > ok - when i`m root , i shouldn`t do stupid things and be careful, but i thought reading/crawling trough a filesystem (r/o, btw.) with some tool which is built to do exactly this wasn`t so stupid - even from within wine. I would say that running a Windows tool that opens up and reads random files, on the /dev directory tree, as root, probably does qualify as "stupid". I'd say running pretty much anything through Wine as root is not a good idea, a Windows app could hose the system without even meaning to through exactly such things. > > think of an admin writing a quick&dirty script for intrusion detection (find / -exec md5sum {} \; >/tmp/need-no-tripwire) and forgetting to exclude /dev, /sys or /proc appropriately...... > think of someone exporting "/" via samba (readonly) and then navigating trough the /dev directory.... > > stupid? > i don`t think so.....i have seen worse things...... :) > > should someone get punished by an accidental system reboot and should he need to spend his time on this to investigate why this happens? > > i`d wish there would be some fence around this or iTCO_wdt /dev/watchdog not being active after a default desktop installation. There is.. it's called "root privileges". > > i`d be interested if i`m the only one who thinks this is strange/dangerous behaviour. > > regards > roland -- Robert Hancock Saskatoon, SK, Canada To email, remove "nospam" from hancockr@...pamshaw.ca Home Page: http://www.roberthancock.com/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists