[1816] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Linux DoS attack through autoprobing

daemon@ATHENA.MIT.EDU (Martin Pool)
Fri Jun 5 02:21:01 1998

To: linux-security@redhat.com
From: Martin Pool <mbp@pharos.com.au>
Date: Fri, 05 Jun 1998 14:33:53 +1000
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

-----BEGIN PGP SIGNED MESSAGE-----


The autodetection routines for some linux modules can tie up the 
machine for several seconds at a time.  By trying to open devices not
present on the machine, a local user can disrupt service considerably.

A very simple exploit is 

  victim$ ls /dev/*/*

repeatedly.

A suggested fix is to remove or chmod 0 device nodes for hardware 
not installed on the machine.  Ideally, modules shouldn't lock the 
machine while they probe, but I suppose this might not always
be possible.

- --
Martin Pool
Pharos Business Solutions




-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQB1AwUBNXd1MTr8By6pblTZAQEurQL/SZqzipo3lH1NElSQ3ou2DUJtma2DE2ua
4QkOv3cnYdgptV0JffMLFpx4XAi0MVdwFMX3ZWMzEmNO658QacKpPPo9gqeKcMD3
jlg2v3aUkTbuU10UipQR5pKVHVJBjQcq
=BgJv
-----END PGP SIGNATURE-----

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post