[7421] in bugtraq

Re: Fwd: Any user can panic OpenBSD machine

daemon@ATHENA.MIT.EDU (Kragen)
Tue Jul 28 15:24:28 1998

Date: 	Tue, 28 Jul 1998 12:32:17 -0400
Reply-To: Kragen <kragen@POBOX.COM>
From: Kragen <kragen@POBOX.COM>
X-To:         Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199807280405.WAA08052@cvs.openbsd.org>

On Mon, 27 Jul 1998, Theo de Raadt wrote:
> Whoopty doo -- another way to crash another operating system has been
> reported.  This is twice now that a 'local' OpenBSD crash has made it
> to bugtraq as if it were a typical exploit.  Does this now mean
> bugtraq is open ground for reporting any way to crash a multiuser
> operating system?  I bet there are plenty of ways to crash any
> operating system, if you have a local account.

There are operating systems -- KeyKOS and MVS, for example -- in which
making this impossible is an explicit design goal.  I do not believe
there are any known local-DoS exploits for either of these two OSes.

> However, this bug does not by itself provide anyone with a way to gain
> elevated privileges and greater control of the system.  That is what
> most of us normally call an 'exploit', or has the lingo changed
> recently?

Sometimes, being able to crash a machine reliably is enough control to
cause some serious damage.

> But I have not seen many ways to crash Linux
> on BUGTRAQ, so I think people expect more of us.

Perhaps this should change.

> > Black hats distribute these kinds of exploits quickly.  Let's make sure a
> > few white hats know about them too.
>
> Black hats distribute information on how to crash systems?  I thought
> they were concentrating on breaking root.

Yes, black hats do distribute information on how to crash systems.

Kragen
