[1324] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] denial of service attack on login

daemon@ATHENA.MIT.EDU (Andrew G. Morgan)
Wed Nov 27 00:37:04 1996

From: "Andrew G. Morgan" <morgan@parc.power.net>
To: linux-security@redhat.com (Linux Security)
Date: Tue, 26 Nov 1996 07:49:33 -0800 (PST)
Cc: johnsonm@redhat.com (Michael K. Johnson)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

Hi,

I've been writing a login application to utilize the features of both PAM
and libpwdb. Not surprisingly, this has meant looking at some old code..

The following denial of service attack seems to work quite nicely on my
ancient Red Hat 3.0.3 system with the standard login application. Perhaps
this is not a problem with 4.0? Does anyone know about other distributions?

	joe$ nvi /var/log/wtmp

	[ Now no-one else can log in ]

This is a problem with advisory locking. The fact that anyone can create an
exclusive lock on a file they can only read! Is this behavior appropriate?

My copy of the POSIX book (D. Lewin, O'Reilly & Assoc. '94) is a little
vague as to the "correctness" of this behavior. Perhaps someone can provide
a better explanation?

Regards

Andrew
-- 
        Linux-PAM: http://parc.power.net/morgan/Linux-PAM/index.html
          libpwdb: http://parc.power.net/morgan/libpwdb/index.html


home help back first fref pref prev next nref lref last post