[5989] in bugtraq
Re: DoS attack: apache (& other) .htaccess Authentication
daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Jan 16 12:55:06 1998
Date: Fri, 16 Jan 1998 10:00:06 +0100
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Thu, 15 Jan 1998 08:22:07 -1000."
<m0xstvb-00112JC@malasada.lava.net>
>
>perhaps you should stat the file and make sure its a normal file?
>There may be other device files which cause problems by virtue
>of having lots of data, or by blocking for long periods of time.
>For example a blocking read on a dialup device that waits for
>carrier sense on a modem. Is there any reason to allow device
>files to be read from the config?
Open the file non blocking and then fstat() it will do away with the
race condition. (Some devices block on open, like dial-in ports)
>This may not stop all possible attacks. Normal files might be
>used to indefinitely block the daemon. For example some systems
>allow regular users to make NFS mounts. In this case an NFS
>server can be brought up, mounted, then brought down. The
>httpd reading an nfs mounted file would then block for a long
>period of time while NFS times out. The same result can be
>achieved by performing a denial of service attack against an already
>existing NFS mount.
Or if you use a default /net automount on Solaris, just open
"/net/far-a-field"
Seems like a problem that's hard to generally fix, other than making
sure noone gets to write .htaccess files.
>Are there other ways to cause long blocking times when reading
>normal files? Do any common unix systems have mandatory file locking?
Yep, that's a way too; most SVR4 derived systems have it, I think.
Solaris certainly has it.
Casper
