lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <2097618015@web.de>
Date:	Wed, 21 Nov 2007 01:01:27 +0100
From:	devzero@....de
To:	Robert Hancock <hancockr@...w.ca>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: System reboot triggered by just reading a device file....!?

>There is.. it's called "root privileges".
yes, true.

but - regardless of being a windows app or not - what if you want to take a look on your system as a whole, especially when using some tool which graphically shows how and where your diskspace is being used?  if i let this run from ordinary useraccount it would get lot`s of "permission denied"  and then it`s only telling half of the truth.....

>I'd say running pretty much anything through Wine as root is 
> not a good idea, a Windows app could hose the system without even 
> meaning to through exactly such things.
yes, true indeed. but maybe wine has an option to sandbox the windows app to do only r/o access.  if that feature doesn`t exist, (set r/o flag to dosdevices) maybe it would be an useful addon.
but that`s OT here....


> -----Ursprüngliche Nachricht-----
> Von: "Robert Hancock" <hancockr@...w.ca>
> Gesendet: 21.11.07 00:35:23
> An: devzero@....de
> CC: linux-kernel@...r.kernel.org
> Betreff: Re: System reboot triggered by just reading a device file....!?


> 
> devzero@....de wrote:
> > good evening, 
> > 
> > i stumbled over some funny issue when trying windirstat (like KDirStat) with wine.
> > 
> > after running that tool for a while my system rebooted. i could reproduce this with every run.
> > 
> > after some deep investigation (i thought i had stability issues with my system and spent more than an hour on this) i found out, that the reboot is being triggered by iTCO_wdt ( /dev/watchdog )
> > 
> > this is how to reproduce:
> > 
> > - be root
> > -  cat /dev/watchdog or dd if=/dev/watchdog of=/dev/zero bs=1 count=1 or .....
> > -  wait one minute........
> > 
> > *reboot*!
> > 
> > i have heard 2 opinions for now (contacted the author and also discussed on wine-devel ) that this should be expected behaviour.
> 
> Yes, it is. It's a watchdog device, it's meant to reboot the machine if 
> whatever task is poking the watchdog dies.
> 
> > being sysadmin quite a while, i cannot believe that (accidentally) reading a device file (being root or not - what does that matter) triggers a system reboot.
> > 
> > ok - when i`m root , i shouldn`t do stupid things and be careful, but i thought reading/crawling trough a filesystem (r/o, btw.) with some tool which is built to do exactly this wasn`t so stupid - even from within wine.
> 
> I would say that running a Windows tool that opens up and reads random 
> files, on the /dev directory tree, as root, probably does qualify as 
> "stupid". I'd say running pretty much anything through Wine as root is 
> not a good idea, a Windows app could hose the system without even 
> meaning to through exactly such things.
> 
> > 
> > think of an admin writing a quick&dirty script for intrusion detection (find / -exec md5sum {} \; >/tmp/need-no-tripwire) and forgetting to exclude /dev, /sys or /proc appropriately......
> > think of someone exporting "/" via samba (readonly) and then navigating trough the /dev directory....
> > 
> > stupid?
> > i don`t think so.....i have seen worse things...... :)
> > 
> > should someone get punished  by an accidental system reboot and should he need to spend his time on this to investigate why this happens?
> > 
> > i`d wish there would be some fence around this or iTCO_wdt /dev/watchdog not being active after a default desktop installation.
> 
> There is.. it's called "root privileges".
> 
> > 
> > i`d be interested if i`m the only one who thinks this is strange/dangerous behaviour.
> > 
> > regards
> > roland
> 
> 
> -- 
> Robert Hancock      Saskatoon, SK, Canada
> To email, remove "nospam" from hancockr@...pamshaw.ca
> Home Page: http://www.roberthancock.com/
> 
> 


__________________________________________________________________________
Erweitern Sie FreeMail zu einem noch leistungsstärkeren E-Mail-Postfach!		
Mehr Infos unter http://produkte.web.de/club/?mc=021131

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ