[2438] in linux-security and linux-alert archive
Re: Problem with red hat 6.1
daemon@ATHENA.MIT.EDU (Shawn Ewald)
Fri Dec 1 09:01:13 2000
From: "Shawn Ewald" <shawn@wilshire.net>
To: linux-alert@redhat.com
Date: Thu, 30 Nov 2000 10:01:05 -0500
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Reply-To: shawn@wilshire.net
Message-ID: <3A262561.12353.3D517FD@localhost>
In-reply-to: <OE48jQHtMFaukyCKDkb00003ad1@hotmail.com>
Errors-To: linux-alert-admin@redhat.com
Hi,
Nevermind your "bug" how can something so simple and stupid as a
luser priveleged script with a single non-command word consume all
memory? I didn't know you could do this. I tried this on RH 7.0 and
the script eventually terminated after consuming all memory.
Shouldn't something like this be considered a dos attack? You could
pop this in your crontab to run every minute -- bye bye server. Why
hasn't something so dumb as this been fixed?
Shawn
On 29 Nov 2000, at 11:27, nayakvinod wrote:
> I found a problem, nay a very serious bug in red hat 6.1(kernel 2.2.12).
>
> I login as an ordinary user and did as follows( in fact I wrote a faulty shell program and put it in a directory in PATH):
>
> $ mkdir bin
> $ cat >bin/hello
> hello
> ^D
> $ chmod 0755 bin/hello
> $ hello
>
> This system crashed after giving messages like:
>
> syslog: Out of memory
> ....
> ......
> .....
>
> init: out of memory
>
>
> First I suspected that the problem is in kernel2.2.12. But when I booted RED hat 6.2 with this k
ernel and run the same culprit shell prog, the process terminated with the messge:
> bash: Out of memory!
> which it should do.
> Vinod Nayak
>
_______________________________________________
Linux-alert mailing list
Linux-alert@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-alert
