Re: xfs security issues (fwd)
Alexander Hvostov (vulture@aoi.dyndns.org) wrote on 20 April 2000 18:13:
>Wichert,
>
>I was able to do what he said to crash xfs remotely. God only knows how
>that could be leveraged... No, Debian xfs is _not_ safe.
I just tried (version 3.3.6):
% telnet localhost 7100
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
BBBBBB
and nothing happens. I quit telnet and xfs still runs.
HOWEVER, I've been having problems this last week with xfs
disappearing several times, with about 25 xterms getting off line due
to this :-( There are no traces.
I'm running xfs under a 'xfs' account, not root. I had to set
client-limit = 50
so that it doesn't self-clone, because whenever it tries to self-clone
it crashes. I don't know if it's because I'm running it not as root. I
didn't dare to try...
BTW, the debian package doesn't allow to run xfs under another
account, I had to hack it manually...
Reply to: