[8219] in bugtraq


Re: Possible DoS in rsh

daemon@ATHENA.MIT.EDU (Kragen)
Thu Oct 15 14:05:26 1998

Date: 	Thu, 15 Oct 1998 12:08:38 -0400
Reply-To: Kragen <kragen@POBOX.COM>
From: Kragen <kragen@POBOX.COM>
X-To:         Shivan Dragon <shivan@ICI.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199810061943.PAA28852@bajor.ici.net>

On Tue, 6 Oct 1998, Shivan Dragon wrote:
> [.rhosts -> /dev/null DOSes rsh, imapd]
> I'm pretty sure if I did, the server's load could have been through the roof.

Something similar to this was posted for Apache a few months ago.

It has been proposed that the appropriate way to handle this is for
imapd, fingerd, rshd, Apache, etc. to check to see if the config file
is a real file or is something else, and then to refuse to do anything
with it if it's not.

I think that this is rather the wrong way to approach it.  If I have a
50G RAID array, I can create a sparse file of 50G for my .rhosts, which
will probably take enough time for imapd to read to make an effective
DOS.  And having such files attached to named pipes, etc., can really
be quite useful.

A more effective and less restrictive solution would be to put
arbitrary, possibly configurable, limits on the amount of the
configuration file that is paid attention to.  Perhaps 100K would be
reasonable for .rhosts.

Kragen

--
<kragen@pobox.com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
A well designed system must take people into account.  . . .  It's hard to
build a system that provides strong authentication on top of systems that
can be penetrated by knowing someone's mother's maiden name.  -- Schneier

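The bounded read proposed above, written out as an added example: this is not code from the mail or from any real rshd or imapd, and the names (`read_bounded`, `RHOSTS_CAP`, the `demo_*` helpers) and the 100K cap are this example's own assumptions. It reads a per-user configuration file such as `~/.rhosts` but refuses to look past a fixed byte budget, so a huge or sparse file costs the server at most one cap's worth of work, and opens the file non-blocking so a FIFO with no writer cannot park the daemon in `open()`.

```c
/* Added example, not code from the original mail or from any rshd/imapd:
 * read ~/.rhosts-style configuration with a hard cap on bytes examined.
 * Names (read_bounded, RHOSTS_CAP, demo_*) and the cap are this example's own. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define RHOSTS_CAP (100 * 1024)   /* 100K, the figure floated in the mail */

enum bounded_status {
    BOUNDED_OK = 0,         /* whole file fit within the cap */
    BOUNDED_TRUNCATED = 1,  /* cap reached with data left over; the rest is ignored */
    BOUNDED_ERROR = -1      /* open() or read() failed; errno is set */
};

/* Read at most `cap` bytes of `path` into `buf` (which must hold cap + 1 bytes),
 * NUL-terminate it and store the byte count in *out_len. O_NONBLOCK keeps an
 * open() on a FIFO with no writer from hanging the server, and the cap bounds
 * the work spent on a huge or sparse file whatever its type turns out to be. */
enum bounded_status read_bounded(const char *path, size_t cap, char *buf, size_t *out_len)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return BOUNDED_ERROR;

    enum bounded_status st = BOUNDED_OK;
    size_t total = 0;
    for (;;) {
        if (total == cap) {
            /* Budget spent: one probe byte tells us whether anything was cut off. */
            char probe;
            if (read(fd, &probe, 1) > 0)
                st = BOUNDED_TRUNCATED;
            break;
        }
        ssize_t n = read(fd, buf + total, cap - total);
        if (n == 0)
            break;                          /* EOF within budget */
        if (n < 0) {
            if (errno == EINTR)
                continue;
            if (errno == EAGAIN || errno == EWOULDBLOCK)
                break;                      /* nothing available right now; do not wait */
            st = BOUNDED_ERROR;
            break;
        }
        total += (size_t)n;
    }
    buf[total] = '\0';
    *out_len = total;
    close(fd);
    return st;
}

/* Constructed input: a temp file holding `count` bytes of 'a'. Returns the
 * status read_bounded() gives it and stores the bytes kept in *kept. */
static enum bounded_status demo_read(size_t count, size_t *kept)
{
    char path[] = "/tmp/rhosts_demo_XXXXXX";
    enum bounded_status st = BOUNDED_ERROR;
    char *data = malloc(count), *buf = malloc(RHOSTS_CAP + 1);
    *kept = 0;
    if (data && buf) {
        memset(data, 'a', count);
        int fd = mkstemp(path);
        if (fd >= 0) {
            if (write(fd, data, count) == (ssize_t)count)
                st = read_bounded(path, RHOSTS_CAP, buf, kept);
            close(fd);
            unlink(path);
        }
    }
    free(data);
    free(buf);
    return st;
}

static int  demo_status(size_t count) { size_t k; return demo_read(count, &k); }
static long demo_kept(size_t count)   { size_t k; demo_read(count, &k); return (long)k; }

/* /dev/null yields EOF at once: zero bytes kept, no hang, nothing to parse. */
static long devnull_kept(void)
{
    char buf[64]; size_t k;   /* buf must hold cap + 1, so cap is 63 here */
    return read_bounded("/dev/null", sizeof buf - 1, buf, &k) == BOUNDED_OK ? (long)k : -1;
}

int main(void)
{
    printf("64-byte file: status %d, kept %ld\n", demo_status(64), demo_kept(64));
    printf("150K file:    status %d, kept %ld\n", demo_status(150 * 1024), demo_kept(150 * 1024));
    printf("/dev/null:    kept %ld\n", devnull_kept());
    return 0;
}
```

The 150K file comes back `BOUNDED_TRUNCATED` with exactly `RHOSTS_CAP` bytes kept, which is the point: the server decides up front how much of a user-controlled file it is willing to process, and a caller can log the truncation and treat the entry as unusable rather than spend unbounded time on it. An `fstat()` on the descriptor could additionally record the file type for the log, but, as the mail argues, the cap is what bounds the work whether the file is regular, sparse, or something else.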