Re: xfs security issues (fwd)

To: debian-security@lists.debian.org
Subject: Re: xfs security issues (fwd)
From: Carlos Carvalho <carlos@fisica.ufpr.br>
Date: Sat, 22 Apr 2000 16:18:18 -0300 (BRT)
Message-id: <[🔎] 14593.64250.653089.297168@hoggar.fisica.ufpr.br>
In-reply-to: <[🔎] Pine.LNX.4.21.0004201812590.22882-100000@cornerstone.core.aoi>
References: <[🔎] 20000421021744.B2170@mors.wiggy.net> <[🔎] Pine.LNX.4.21.0004201812590.22882-100000@cornerstone.core.aoi>

Alexander Hvostov (vulture@aoi.dyndns.org) wrote on 20 April 2000 18:13:
 >Wichert,
 >
 >I was able to do what he said to crash xfs remotely. God only knows how
 >that could be leveraged... No, Debian xfs is _not_ safe.

I just tried (version 3.3.6):

% telnet localhost 7100
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
BBBBBB

and nothing happens. I quit telnet and xfs still runs.

HOWEVER, I've been having problems this last week with xfs
disappearing several times, with about 25 xterms getting off line due
to this :-( There are no traces.

I'm running xfs under a 'xfs' account, not root. I had to set
client-limit = 50

so that it doesn't self-clone, because whenever it tries to self-clone
it crashes. I don't know if it's because I'm running it not as root. I
didn't dare to try...

BTW, the debian package doesn't allow to run xfs under another
account, I had to hack it manually...

Reply to:

References:
- Re: xfs security issues (fwd)
  - From: Wichert Akkerman <wichert@mors.wiggy.net>
- Re: xfs security issues (fwd)
  - From: Alexander Hvostov <vulture@aoi.dyndns.org>

Prev by Date: Re: xfs security issues (fwd)
Next by Date: Checksums on ftp
Previous by thread: Re: xfs security issues (fwd)
Next by thread: Checksums on ftp
Index(es):
- Date
- Thread