[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: slapper countermeasures

KevinL écrivait :
> On Wed, 2002-09-18 at 06:05, Michael Renzmann wrote:
> > "killall .bugtraq" would be suitable as well, and it would "destroy" 
> > every other instance of the program that is running currently. Even if 
> > detecting the current PPID does not work for whatever reason.
> Solaris is vulnerable to this bug?  Solaris "killall" kills _everything_
> - not just the named process.
> 'course, given they're theoretically not running the webserver as root,
> this shouldn't be a huge issue...  But it's not as social as you might
> think.

I agree... Even on Linux the killall command had not always given the same
result. I can remember some killall on (very) old RedHat that even didn't
work properly. And don't forget killall has been a script sometime! So it
may require additionals environnement variables (PATH) and so on...

But may be the main point is: is it really possible to have multiple
instance of the .bugtraq program?!? If so, all of them would join the
network and should receive the mail-sleep-kill command!


Reply to: