[1334] in linux-security and linux-alert archive


[linux-security] Re: denial of service attack on login

daemon@ATHENA.MIT.EDU (Abraham Bodizapha Ozzda Igy Asok M)
Fri Nov 29 01:59:34 1996

Date: Thu, 28 Nov 1996 06:13:18 +0000
From: Abraham Bodizapha Ozzda Igy Asok Marfund Garduchey Soco Swanawehak Fenway Buisquali Montecarlo Neuman Smith <mike@uplex.net>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

[I presume I'll just get flamed or a terse answer in response to this,
attributed to ignorance (in some form or other)]

On Tue, 26 Nov 1996, Andrew G. Morgan wrote:
> The following denial of service attack seems to work quite nicely on my
> ancient Red Hat 3.0.3 system with the standard login application. Perhaps
> this is not a problem with 4.0? Does anyone know about other distributions?
>
>       joe$ nvi /var/log/wtmp
>
>       [ Now no-one else can log in ]

Now that we've determined that this problem exists in just about every
popular, current distribution, what can I do or where do I go for my
best bet at a (temporary, at least) solution?  Any additional
information on what is/isn't fixed would be appreciated. ... e.g. regarding
whether said fix addresses the problem of needing a lock on wtmp and
the ability of others to prevent that or a specific program like login
which has been told it doesn't need to lock the file.

[mod: I'd suggest that you grab your closest login sources. Easiest
would be to grab those that are for your system. Recompile them, and
verify that they are the same as what you already have. Then find the
part that locks the wtmp file and delete it. -- REW]

Thanks in advance...
mike
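
A bounded-wait variant of the moderator's suggestion, as an added example that is not part of the original message or of any distribution's login source: rather than deleting the lock, the writer tries it a limited number of times and then appends anyway. It assumes the lock involved is a BSD flock() advisory lock, which the thread does not state; append_bounded and its parameters are hypothetical names.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/file.h>
#include <time.h>
#include <unistd.h>

/* Append one record to a log such as wtmp without waiting forever on a
 * lock another user may hold. Returns 1 if written under the lock,
 * 0 if written without it after the retries ran out, -1 on I/O error. */
int append_bounded(const char *path, const void *rec, size_t len, int tries)
{
    struct timespec pause = { 0, 10 * 1000 * 1000 };  /* 10 ms between tries */
    int locked = 0;
    int fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0)
        return -1;

    for (int i = 0; i < tries && !locked; i++) {
        if (flock(fd, LOCK_EX | LOCK_NB) == 0)
            locked = 1;                 /* got the lock without blocking */
        else if (errno == EWOULDBLOCK)
            nanosleep(&pause, NULL);    /* someone holds it: wait briefly */
        else
            break;                      /* locking unavailable: go on unlocked */
    }

    /* O_APPEND moves the offset to end of file as part of each write(),
     * so the record is not written over an existing one. */
    ssize_t n = write(fd, rec, len);

    if (locked)
        flock(fd, LOCK_UN);
    close(fd);
    return (n == (ssize_t)len) ? locked : -1;
}

int main(int argc, char **argv)
{
    /* Constructed usage: append a 4-byte marker to the file in argv[1]. */
    if (argc < 2)
        return 2;
    return append_bounded(argv[1], "demo", 4, 50) < 0;
}
```

A return value of 0 is worth logging, since it means some other process held the lock for the whole retry window.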



