Re: Local DoS in kernel 2.6.26

To: surreal <firewalrus@gmail.com>
Cc: Debian Live <debian-live@lists.debian.org>, debian-user@lists.debian.org
Subject: Re: Local DoS in kernel 2.6.26
From: Aioanei Rares <debian.dev.list@gmail.com>
Date: Tue, 27 Oct 2009 15:20:52 +0200
Message-id: <[🔎] 4AE6F3B4.5040108@gmail.com>
In-reply-to: <[🔎] 8857b3150910270527p4d18d958mc2034eed29dc3c23@mail.gmail.com>
References: <[🔎] 8857b3150910270527p4d18d958mc2034eed29dc3c23@mail.gmail.com>

surreal wrote:

I just caught hold of a C source code from 2005. This code is a localDoS which fills up the entire memory on Linux 2.6.N kernels.
At that time, I used Fedora Core 4 and a pentium 4 machine with 512 MBram. After compiling and running this program on the old machine, itused to hang within 40 seconds.
I compiled and ran this program on a test machine having Dual CoreCPU, 2 GB ram and Debian Lenny to see if this code holds good today.
I saw that RAM wasent running out, but the CPU usage was 100%. I didntwait for computer to hang, but I think this code is dangerous and canbe used for malicious intentions.
I am sending the code so that we can prevent bad use of it. It stillhas potential of a local DoS. I hope kernel hackers might getinterested in this.
This code isent tested on AMD 64 bit kernel, but on a 2.6.26 stablekernel.
The C code is attached with this mail.

800df127fbcb5552a455b6742b62bfe0  mseak.c

Just gcc mseak.c -o mseak; mseak & to see the effects.


--
Harshad Joshi

Tested it on my amd64 machine running latest git, but except for the CPUgoing at 100%, nothing else happens.

Reply to:

References:
- Local DoS in kernel 2.6.26
  - From: surreal <firewalrus@gmail.com>

Prev by Date: Local DoS in kernel 2.6.26
Next by Date: How to run a script when the live system boots
Previous by thread: Local DoS in kernel 2.6.26
Next by thread: Re: Local DoS in kernel 2.6.26
Index(es):
- Date
- Thread