[2313] in linux-security and linux-alert archive


[linux-security] Re: IPMASQ and lock-up of all terminals

daemon@ATHENA.MIT.EDU (Ted Deppner)
Mon Feb 28 16:34:23 2000

Date: Mon, 28 Feb 2000 12:56:52 -0800
From: Ted Deppner <ted@psyber.com>
To: "Joshua M. Thompson" <om@bignet.net>
Cc: MeriwetherDJ@nswccd.navy.mil, linux-security@redhat.com
Message-ID: <20000228125652.H32658@jasmine.psyber.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <Pine.LNX.4.10.10002281522400.17073-100000@eva-01.mich.com>
Resent-From: linux-security@redhat.com

On Mon, Feb 28, 2000 at 03:25:43PM -0500, Joshua M. Thompson wrote:
> I have seen very similar behavior before on one of my RH6.0 boxes. It
> occurred when syslog froze, causing any programs that try to use the
> logging facilities to block. If you have an active shell connection to the
> box when it happens you can kill syslogd and it will unlock. Otherwise the
> hard reboot is the only way out.

I've seen this happen on an RH61 system where the machine was running BIND, and
using itself as its preferred resolv host while running syslogd in network
mode (-r option).

Named has a syslogable event while syslogd receives a network syslog message
from another machine, and deadlock: named blocks writing to the syslog pipe
and syslog blocks on an ip resolv.

Pam (used by login) logs all sorts of things to syslog, which is now hung,
and you see where this goes.

If you have a secondary choice in /etc/resolve, after a few seconds of
syslogd failing to resolve it succeeds with the lookup.  However, if your
machine does lots of things, generating lots of syslog messages, you can
easily be consumed by this race.

[mod: Meriwether however reports that HIS machine doesn't have itself
in resolv.conf, so there must be another way to "deadlock" the machine
-- REW]


-- 
Ted Deppner
ted@psyber.com
http://www.psyber.com
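
A configuration check for the pattern described in this message (syslogd started with -r on a host whose first nameserver is its own named), added here as an example and not part of the original post. The function name, verdict strings and sample resolv.conf contents are constructed for illustration; the -r detection assumes sysklogd-style short options.

```shell
#!/bin/sh
# Added example: flag the syslogd/named arrangement described in this message.
# Verdicts (names are this example's own):
#   not-exposed          syslogd not in -r mode, or first resolver is not local
#   exposed-fallback     pattern present, but a further nameserver is listed
#   exposed-no-fallback  pattern present and the local named is the only resolver

# $1 = path to a resolv.conf-style file
# $2 = syslogd command line as one string
# $3 = space-separated addresses owned by this host (optional)
syslog_resolver_check() {
    resolv=$1
    cmdline=$2
    own="127.0.0.1 ::1 0.0.0.0 $3"

    # Does syslogd accept network messages? Look for an option cluster with 'r'.
    remote=no
    for tok in $cmdline; do
        case $tok in
            -*r*) remote=yes ;;
        esac
    done
    [ "$remote" = yes ] || { echo not-exposed; return 0; }

    # Nameservers in the order the resolver tries them.
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$resolv")
    count=$(awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$resolv")

    # Is the first resolver this same machine (loopback or an owned address)?
    local_first=no
    for addr in $own; do
        if [ "$first" = "$addr" ]; then local_first=yes; fi
    done
    case $first in 127.*) local_first=yes ;; esac
    [ "$local_first" = yes ] || { echo not-exposed; return 0; }

    # A second nameserver only shortens the stall to a resolver timeout.
    if [ "$count" -gt 1 ]; then echo exposed-fallback
    else echo exposed-no-fallback; fi
}

# Constructed sample input, not taken from any real host.
sample=$(mktemp)
printf 'search example.test\nnameserver 127.0.0.1\n' > "$sample"
syslog_resolver_check "$sample" "syslogd -r -m 0"
rm -f "$sample"
```

On a live host the second argument can come from the running syslogd's process listing and the first from the system resolver configuration file.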
