[1329] in linux-security and linux-alert archive
[linux-security] Re: denial of service attack on login
daemon@ATHENA.MIT.EDU (Jon Peatfield)
Wed Nov 27 06:14:55 1996
To: linux-security@redhat.com
cc: johnsonm@redhat.com (Michael K. Johnson), jp107@damtp.cam.ac.uk
In-reply-to: Your message of "Tue, 26 Nov 1996 07:49:33 PST."
<199611261549.HAA16832@parc.power.net>
Date: Wed, 27 Nov 1996 10:35:55 +0000
From: Jon Peatfield <J.S.Peatfield@damtp.cam.ac.uk>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Hmm, I can imagine utmp being locked this way, but is it worth it for wtmp?
All login does is add an entry to the end...
Linux lacks the updwtmp{,x}() calls which SVR4 provides as a packaged way to
update wtmp. My local login code when on Linux just does (basically):
if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
(void)write(fd, (char *)ut, sizeof(struct utmp));
(void)close(fd);
}
and I've seen no problems so far (we don't care about the order of the writes,
and the worst that can happen is a couple of corrup wtmp entries).
Of course this "denial of service" doesn't stop someone connecting by rcmd or
rexec, so it can be detected and fixed.
[mod: You can't assume that everybody is running rcmd/rexec. There
are good, security related, reasons for not running those.... -- REW]
-- Jon