[311] in linux-security and linux-alert archive
chfn problem with Linux
daemon@ATHENA.MIT.EDU (Nick Kralevich)
Tue Aug 8 15:06:19 1995
Date: Tue, 8 Aug 1995 08:19:40 -0700 (PDT)
From: Nick Kralevich <nickkral@parker.EECS.Berkeley.EDU>
To: linux-alert@tarsier.cv.nrao.edu, linux-security@tarsier.cv.nrao.edu

Found on alt.hackers.

Take care,
-- Nick Kralevich

----- Begin -----
>From ftlofaro@unlv.edu Tue Aug 8 08:16:56 PDT 1995
Article: 8446 of alt.hackers
Path: agate!howland.reston.ans.net!news.sprintlink.net!uunet!in2.uu.net!news.nevada.edu!unlv.edu!ftlofaro
From: ftlofaro@unlv.edu (Frank T Lofaro)
Newsgroups: alt.hackers
Subject: Linux problems (was Re: rlogin revealed)
Date: 8 Aug 1995 07:15:47 GMT
Organization: University of Nevada, Las Vegas
Lines: 22
Approved: Communications_Decency_Enforcement@cda.fcc.gov
Message-ID: <4072v3$7if@news.nevada.edu>
References: <3v5ffa$c1o@umbc9.umbc.edu> <DCnMsv.358@mv.mv.com> <3vr6u7$bv7@bubb\a.NMSU.Edu> <402j80$bm5@solutions.solon.com>
NNTP-Posting-Host: pioneer.nevada.edu
Keywords: Linux, security hole, denial of service
In-Reply-To: <1995Aug7.134512.25441@dcs.warwick.ac.uk>

A poster mentioned here that chfn could be used to hose a Linux box.
He didn't say, but it looked like one could hose the system by
killing/suspending chfn right after opening /etc/passwd in truncate
mode. I ran a trace on chfn.
Here's another bad one.
Set file limit to 0.
Run passwd and try to change passwd
/etc/passwd is empty, and all logins are denied with "Login
incorrect", i.e. one doesn't know what is wrong.
By setting file limits low, one can partially truncate /etc/passwd.
I'll post this to comp.os.linux.development.system too.
ObHack: Changing the FS code to allow hardlinks to symlinks. Not too
useful, but neat, and I didn't lose any filesystems when I did it!
And doing 40 other hacks and wacks on the Linux kernel, unfortunately
one of them hosed swapping to a file. Heck, most of them work though!
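
An added example, not from the post or from any Linux utility's source: one way to update a file so that a write failing under a file-size limit leaves the previous contents in place, by writing a temporary copy and renaming it over the original. The function names, the `.tmp` suffix, the scratch path and the sample entries are assumptions made for the example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

/* Replace path with data atomically: the old file is untouched unless every
 * byte of the new copy was written and flushed. Returns 0, or -1 on failure. */
int atomic_replace(const char *path, const char *data, size_t len) {
    char tmp[4096];
    if (snprintf(tmp, sizeof tmp, "%s.tmp", path) >= (int)sizeof tmp) return -1;
    signal(SIGXFSZ, SIG_IGN);        /* over-limit write() now returns EFBIG */
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    size_t off = 0;
    for (ssize_t n; off < len; off += (size_t)n)   /* loop: writes may be short */
        if ((n = write(fd, data + off, len - off)) <= 0) break;
    int ok = (off == len) && fsync(fd) == 0;
    if (close(fd) != 0) ok = 0;
    if (ok && rename(tmp, path) == 0) return 0;    /* atomic switch to new copy */
    unlink(tmp);                     /* failed: drop the partial copy, keep old */
    return -1;
}

static int file_equals(const char *path, const char *want) {  /* 1 if identical */
    char buf[256] = {0};
    int fd = open(path, O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, buf, sizeof buf - 1);
    if (fd >= 0) close(fd);
    return n == (ssize_t)strlen(want) && memcmp(buf, want, (size_t)n) == 0;
}

/* Constructed demo on a scratch file: 1 if the old contents survive the limit. */
int demo_survives_fsize_limit(const char *path) {
    const char *old = "root:x:0:0:root:/root:/bin/sh\n";      /* constructed */
    const char *upd = "root:x:0:0:Charlie:/root:/bin/sh\n";   /* constructed */
    struct rlimit saved;
    if (atomic_replace(path, old, strlen(old)) != 0) return 0;
    getrlimit(RLIMIT_FSIZE, &saved);
    struct rlimit zero = { .rlim_cur = 0, .rlim_max = saved.rlim_max };
    setrlimit(RLIMIT_FSIZE, &zero);  /* the "file limit 0" from the post */
    int failed = atomic_replace(path, upd, strlen(upd)) == -1;
    setrlimit(RLIMIT_FSIZE, &saved);
    int intact = file_equals(path, old);
    int updated = atomic_replace(path, upd, strlen(upd)) == 0 && file_equals(path, upd);
    unlink(path);
    return failed && intact && updated;
}
```

Resource limits are inherited across exec, so a privileged updater has to treat a write that hits EFBIG as an ordinary failure path, as here.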