[1816] in linux-security and linux-alert archive
[linux-security] Linux DoS attack through autoprobing
daemon@ATHENA.MIT.EDU (Martin Pool)
Fri Jun 5 02:21:01 1998
To: linux-security@redhat.com
From: Martin Pool <mbp@pharos.com.au>
Date: Fri, 05 Jun 1998 14:33:53 +1000
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
-----BEGIN PGP SIGNED MESSAGE-----
The autodetection routines for some linux modules can tie up the
machine for several seconds at a time. By trying to open devices not
present on the machine, a local user can disrupt service considerably.
A very simple exploit is
victim$ ls /dev/*/*
repeatedly.
A suggested fix is to remove or chmod 0 device nodes for hardware
not installed on the machine. Ideally, modules shouldn't lock the
machine while they probe, but I suppose this might not always
be possible.
- --
Martin Pool
Pharos Business Solutions
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQB1AwUBNXd1MTr8By6pblTZAQEurQL/SZqzipo3lH1NElSQ3ou2DUJtma2DE2ua
4QkOv3cnYdgptV0JffMLFpx4XAi0MVdwFMX3ZWMzEmNO658QacKpPPo9gqeKcMD3
jlg2v3aUkTbuU10UipQR5pKVHVJBjQcq
=BgJv
-----END PGP SIGNATURE-----
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null