Re: security probs with su (sh-utils 1.16)

[Ingo Saitz <Ingo.Saitz@stud.uni-hannover.de>]

MoiN

On Fri, Mar 24, 2000 at 09:38:33PM -0700, Nathan Paul Simons wrote:
> - ----- Forwarded message from Javor Ninov <javor@multigroup-bg.com> -----
[...]
> Tested on SlackWare 7.0 2.2.14
> After short time this will crash Linux box:
> su `cat /dev/urandom` > /dev/null |< su `cat /dev/urandom`&
> 
> for a better efect start it several times :-))
> This can be done be any regular user !

This is not a problem with su but with missing process limits.
You can replace "su" with any program you like. The shell tries
to expand the command line using the output of "cat
/dev/urandom". You won't get EOF from /dev/urandom, so the dhell
eats all available memory until swap is filled up. Linux then
starts to kill those processes that allocate memory. If it hits
e.g. your Xserver first you are lost.

Type the following line into your bash prompt to get the same
effect. Note that using /dev/urandom instead of /dev/zero raises
the chance that the process triggering the memory limit won't be
bash:

`cat /dev/urandom`

If you want to avoid such attacks, set process limits.

    Ingo
--
Windows, me?