[Tfug] Re: Linux bug discovered
Michael Stenner
mstenner at ece.arizona.edu
Tue Jun 15 11:54:38 MST 2004
On Tue, Jun 15, 2004 at 11:45:05AM -0700, Tom Rini wrote:
> On Tue, Jun 15, 2004 at 09:43:41AM -0700, Michael Stenner wrote:
> > On Tue, Jun 15, 2004 at 09:28:34AM -0700, Tom Rini wrote:
> > > On Tue, Jun 15, 2004 at 09:14:09AM -0700, Angus Scott-Fleming wrote:
> > Just to be clear about the significance of this, it's a LOCAL DOS.
> > Sure. That's not good, but it's really only a couple steps worse than
> >
> > perl -e "@a = (); while (1) {push(@a, 0)}"
>
> Only if you can easily reset your system. (and I must admit I haven't
> tried it on a box with a watchdog, which may or may not catch this
> livelock).
>
> And it'd be rather trivial to plug the necessary bits into any number of
> "run some arbitrary code on the system" exploits.
>
> IMHO, there are two categories of local DoS's
> - Ones you can easily hook into an "execute random bits" remote exploit
> and crash a box
> - Ones you need a session on the system to do anything with (e.g.
> information leak which if you troll long enough might give up a
> password).

I agree with all of this, but it's important to distinguish between
the threat of "local DOS" and the threat of "local DOS + remote
exploit". A pair of wire-cutters is a serious threat to the CIA, but
only if you can get past the perimeter defenses to the sensitive
spots. I know this is an extreme analogy. I'm just using it to
clearly distinguish the roles of the two components.

It's also true that many systems are set up in which lots of
essentially untrusted users ALREADY HAVE local access.
Coincidentally, those are often the ones that require the most effort
to reset :)

-Michael
--
Michael D. Stenner mstenner at ece.arizona.edu
ECE Department, the University of Arizona 520-626-1619
1230 E. Speedway Blvd., Tucson, AZ 85721-0104 ECE 524G