[1817] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Linux DoS attack through autoprobing

daemon@ATHENA.MIT.EDU (Dave)
Fri Jun 5 03:02:28 1998

Date: Thu, 4 Jun 1998 23:46:35 -0700 (PDT)
From: Dave <dgriffi@ultrix6.cs.csubak.edu>
To: linux-security@redhat.com
In-Reply-To: <199806050435.OAA04512@inet03.citec.qld.gov.au>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

On Fri, 5 Jun 1998, Martin Pool wrote:

> The autodetection routines for some linux modules can tie up the 
> machine for several seconds at a time.  By trying to open devices not
> present on the machine, a local user can disrupt service considerably.
> 
> A very simple exploit is 
> 
>   victim$ ls /dev/*/*
> 
> repeatedly.
> 
> A suggested fix is to remove or chmod 0 device nodes for hardware 
> not installed on the machine.  Ideally, modules shouldn't lock the 
> machine while they probe, but I suppose this might not always
> be possible.

There is a rather annoying problem related to this.  I've experienced bad
reactions between my Adaptec aha-2940uw SCSI controller and zipdrive. 
When the driver finds a bad sector on a zipdisk, the kernel locks,
repeatedly tries to read the sector, and spews error messages.  Read
attempts seem to last 5-10 minutes.  Between read attempts, you get a few
seconds of interaction with the system.  The drive is "semi-mounted" at
this point.  Pushing the eject button will cause the disk to be ejected at
the next few seconds of interaction.  You'll then have your system back to
normal.  Typing "eject /dev/<zipdrive>" doesn't seem to work.  Any form of
reading the bad sector will lock up the kernel while it repeatedly tries
to read the bad sector, even a reformat while checking for bad sectors. 

This could be caused by the SCSI controller firmware.  I had different
problems with this drive and the controller which seemed to be fixed by a
firmware upgrade.  Refer to my posts in comp.periph.scsi from about a year
ago for more on this.  I bothered yet to try a zipdrive with other Unicies
or different controllers, so I'm uncertain whether the problem lies with
the driver or firmware. 

Possible denial of service exploit...  Pass powerful magnetic fields
through a zipdisk and put the disk in a zipdrive connected to the target
machine.  Wait for someone to do something to the device.  The whole
machine will effectively halt.

--
David Griffith
dgriffi@ultrix6.cs.csubak.edu

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post