[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: xfs security issues (fwd)



Alexander Hvostov (vulture@aoi.dyndns.org) wrote on 20 April 2000 18:13:
 >Wichert,
 >
 >I was able to do what he said to crash xfs remotely. God only knows how
 >that could be leveraged... No, Debian xfs is _not_ safe.

I just tried (version 3.3.6):

% telnet localhost 7100
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
BBBBBB

and nothing happens. I quit telnet and xfs still runs.

HOWEVER, I've been having problems this last week with xfs
disappearing several times, with about 25 xterms getting off line due
to this :-( There are no traces.

I'm running xfs under a 'xfs' account, not root. I had to set
client-limit = 50

so that it doesn't self-clone, because whenever it tries to self-clone
it crashes. I don't know if it's because I'm running it not as root. I
didn't dare to try...

BTW, the debian package doesn't allow to run xfs under another
account, I had to hack it manually...


Reply to: