53 Comments
- skimitar, on 11/10/2007, -7/+40
Patch is available here as it has been fixed in 2.6.17: http://www.kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.17-rc1.bz2
- eklitzke, on 10/12/2007, -4/+26
Another key thing to point out is that the DoS attack can only be caused by local users. If you're running a server, there's no way that this can be remotely exploited.
- tonfa, on 10/12/2007, -2/+20
Please do not use this patch, this is a -rc kernel. You should never run -rc kernel on production machines.
The fix is available in the stable tree: http://kernel.org/pub/linux/kernel/v2.6/patch-2.6.16.2.bz2
See the changelog for .2: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.2
Thanks.
- nullmind, on 10/12/2007, -7/+22
It's been a month already? Oh, never mind, thought this was a Windows flaw.
- burke, on 10/12/2007, -5/+19
Maybe on windows. Not so much on linux.
users with standard privileges can't even execute "/etc/init.d/apache stop".
- pabster, on 10/12/2007, -0/+12
Good point. And a fast fix.
- usergentoo, on 10/12/2007, -8/+18
inaccurate::: there is already a fix
must be a mac user or windows user that reported this story I guess this is the only way they can feel good about using the crap they use
- coredump0x01, on 10/12/2007, -0/+10
That has little to do with the kernel, rather, has everything to do with your distro configuration. Add/change the following lines to your /etc/security/limits.conf file
* soft nproc 50
* hard nproc 100
and watch those forkbombs become futile!
- enderw88, on 10/12/2007, -7/+17
ANY malicious local user could cause a DoS to ANY thing simply by turning it OFF.
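The limits.conf settings coredump0x01 posted above can be verified with a short script. This is an added example, not part of any comment in the thread: the function names are made up here, it reads a single file only (not /etc/security/limits.d/), and taking the last matching entry as the effective one is a simplification.

```shell
#!/bin/sh
# nproc_limits FILE: print "soft=<n> hard=<n>" for the default ('*') domain
# of a limits.conf-style file; "unset" where no entry exists.
# Simplification (assumption): the last matching entry is taken as effective.
nproc_limits() {
    awk '
        { sub(/#.*/, "") }                 # strip comments, fields are re-split
        NF != 4 || $3 != "nproc" { next }  # only well-formed nproc entries
        $1 != "*" { next }                 # only the default domain
        $2 == "soft" || $2 == "-" { soft = $4 }   # "-" sets both limits
        $2 == "hard" || $2 == "-" { hard = $4 }
        END {
            printf "soft=%s hard=%s\n", (soft == "" ? "unset" : soft), (hard == "" ? "unset" : hard)
        }
    ' "$1"
}

# has_hard_nproc FILE: succeed only if '*' has a finite hard nproc limit.
# A soft limit alone is not enough: a user can raise it up to the hard limit.
has_hard_nproc() {
    case "$(nproc_limits "$1")" in
        *hard=unset|*hard=unlimited|*hard=infinity|*hard=-1) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample input: the two lines from the comment above.
sample=$(mktemp)
printf '%s\n' '* soft nproc 50' '* hard nproc 100' > "$sample"
nproc_limits "$sample"
has_hard_nproc "$sample" && echo "default domain has a hard nproc cap"
rm -f "$sample"
```

On a live system, `ulimit -u` in a fresh login shell shows the soft limit that was actually applied to the session.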
- inactive, on 10/12/2007, -0/+9
if you allow shell users and don't set ulimits correctly you deserve to have some ***** fill your hd or fork bomb the system.
that however has nothing to do with bugs and everything to do with sysadmins not having a clue.
- coredump0x01, on 10/12/2007, -0/+8
I think you need to update your statistics from 1992, Linux may not be strong on the desktop (yet!) but it occupies a pretty nice chunk of the server market, for example, many top websites you know and love (google, youtube, wikipedia etc...) and even digg! Just ask http://netcraft.com
- barbobot, on 10/12/2007, -0/+6
ulimits people!
- barbobot, on 10/12/2007, -0/+6
nope once again it doesn't work if you have ulimits set up properly.
- inactive, on 10/12/2007, -0/+6
last i checked netcraft showed apache on 60% of websites alone, even a conservative guess of 80% of them running linux would be a staggering amount of systems.
- bugmenot69, on 10/12/2007, -0/+6
It does not really have to do with the kernel, but with the limitation, as in number of processes the user can create, the administrator has defined.
- copperhead, on 10/12/2007, -3/+8
When I was back in college (hmmm.... 1999 or so), one of these exploits came out for linux. IIRC, it had something to do with too many symlinks in a directory structure causing the system to crash. Of course, I had to try it out on one of the workstations.
Remember, boys and girls... make sure you're on the local workstation and not ssh'd into the main Computer Science server before you start testing these neat exploits. Other students tend to throw things at you if you make a mistake.
- coredump0x01, on 10/12/2007, -1/+6
I think this submission was intended to raise awareness more than a shameful Linux smear, that's why I dugg it. In either case, it's probably a good thing these articles appear here since sysadmins and Linux users can be aware and patch up, but more importantly, if a vuln is undisclosed and posted, all the eyeballs reading digg would create our usual stir and likely cause a patch to be released sooner, and i'm sure developers come here too.
- illynova, on 10/12/2007, -8/+13
You DO realize that servers aren't all just web and database servers, right? A server is merely a machine that provides services to the outside world, which INCLUDE remote logins.
Remote logins -> local users -> Dos
- bigkm, on 10/12/2007, -0/+5
can i remind people that local and physical are different things.
- coredump0x01, on 10/12/2007, -4/+9
I wouldn't say so, it's a real problem with a real patch. (http://www.kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.17-rc1.bz2)
I highly doubt it's FUD.
- diagonalfish, on 10/12/2007, -1/+5
Just because there's a fix available doesn't mean people shouldn't know about it. In fact, just the opposite. The same applies for any other OS. I have a linux box. It's nice to know this then-- I can go get the patch and fix it.
- chaosmachine, on 10/12/2007, -0/+4
or admins could just subscribe to the appropriate mailing list.. i could see a remote root exploit making the front page, but a local user dos?
- thecwin, on 10/12/2007, -0/+4
Well if the system is set up properly that won't happen, I think the reason this one is on the front page is because it wasn't by design but was rather an unintended flaw... if you're setting up a public server you'll definitely be putting quotas on it (or be only opening it to known trusted users).
- rolosworld, on 10/12/2007, -1/+5
I don't think this would work if the users have proc limits.. but the flaw would work on those cases... anyway, lame flaw for desktop users since almost everyone has no proc limits.
PD. wow, a lot of geeks here, I posted and already there were 2 replies ;-D
- bockman, on 10/12/2007, -4/+7
Local user DoS? Here's a local user DoS, works in 100% of linux kernels.
$ perl -e 'while(1) { fork(); }'
Local users are trusted users, even on shell boxes.
- skimitar, on 10/12/2007, -1/+3
@tonfa: good point! release candidates on production machines isn't the wisest move. mea culpa
- kindrobot, on 10/12/2007, -5/+7
I think he meant more along the lines of cutting off power. But that's true.
(beat me guyga!)
- copperhead, on 10/12/2007, -5/+7
Local in this case does not necessarily mean sitting at the console right next to the box. It's simply a user with shell access to the system. I work on a system where the users have no physical access to the computers they're working on, but they are considered "local users". Had we been running Linux instead of Solaris, this could have been a concern.
- fortezza, on 10/12/2007, -0/+2
Dumb. If you allow remote or local access to your box, then you should have already set limits on what they can do. If it's your home computer and you're the only one with local/shell access, then it isn't a problem. Anyhow, apt-get update && apt-get upgrade + reboot fixes this.
- linuxinit, on 10/12/2007, -0/+1
LOL. If it does work... And you are in X. Just kill X by doing ctrl-alt-backspace then type issue 'killall bash' a few times and you are good to go. :P Same goes for Perl or C... killall perl a few times and you are good to go. If you do it in C then just killall whatever you named the binary.
If you do it in tty... Just killall bash a few times... :) That is... If it even works.
Here's a Windows 'DOS'. OMG SOMEBODY ISSUE A PATCH!!!!11uno:
somefile.bat:
--------------------
:a
start %0
goto a
--------------------
Then doubleclick on the bat. Rename it to Internet Explorer and change the icon for extra fun. Or even add it to your registry or startup folder if you are feeling really dumb. You'll have to reboot eventually. There's really not an easy way to kill it in windows. You risk borking your box since Windows doesn't like being hard-reset. So don't say I didn't warn ya. :)
- ronaldb, on 10/12/2007, -0/+1
That was the reason for me to report this story as Inaccurate. The VNU article refers to a patch for a development kernel, even though the Secunia alert refers the correct patch...
- pHr34kY, on 10/12/2007, -0/+1
Yes, DoS is easy. Just type this into any linux console and you've got a forkbomb:
:(){ :|:& };:
Very few machines are configured not to crash when people do this!
- sporkwitch, on 10/12/2007, -3/+4
Well, I DID check out this article to point out that I predicted a fix within 24 hours of 0-hour, but it turned out the first reply was a fix released ages ago ^_^ Nice try at making linux look bad, though, A for effort, submitter ^_^
- chaosmachine, on 10/12/2007, -3/+4
local user dos attacks aren't uncommon, not sure why this is front page news. here's one.
cat /dev/urandom > bigfile
on systems without enforced quotas, all disk space on the partition will be consumed in a matter of minutes, meaning other users on the system will be unable to create new files.. even worse if you're able to get the file on the root partition somehow.
- erudite, on 10/12/2007, -1/+2
AHHH! Local users causing a DoS? No phracking way! Probably be in a Microsoft sponsored Gartner report shortly. I hate people who diss things posted but this is not newsworthy.
An article about morons who administer systems that have perimeter access would be...
- joelhardi, on 10/12/2007, -1/+2
Original poster: Next time, please use the full version number ... 2.6.17-rc1 ... so the 99.999% of us who are not using RC kernel code on our production boxes can safely ignore and not have our hearts skip a beat.
The 0.001% of us who are kernel devs will appreciate the extra detail as well.
- mikedpirone, on 10/12/2007, -1/+2
DDoS and DoS are two different things. You're an idiot.
- Feztaa, on 10/12/2007, -0/+1
I'm disappointed with your perl-fu. This is much more elegant:
perl -e 'fork while 1'
- nofxjunkee, on 10/12/2007, -0/+1
That works in a shell (such as bash or tcsh), not "in 100% of linux kernels". Pedantic, yeah maybe just a little...
- dael, on 10/12/2007, -1/+1
recursive symlinks, maybe?
- bugmenot69, on 10/12/2007, -5/+5
@Gyga
Not if they're using dumb terminals
- recover82, on 10/12/2007, -1/+1
i'm assuming since it was patched in 2.6.17-rc1 that 2.6.18 is patched as well?
- burke, on 10/12/2007, -1/+1
not much of anything worth DoSing is going to have more than one actual physical user, if that.
- CorpT, on 10/12/2007, -2/+1
Well, it is part of the Web 2.0 revolution. Makes sense that it would become Slashdot 2.0
- joesnow, on 10/12/2007, -1/+0
all that it's on an -rc kernel, doesn't show up in the usual package system "update" unless you're tip of the bleeding edge, which.... with production systems...who is? (and isn't on top of things like white on rice if they are for some reason, ...especially bleeding edge in an environment outside of a server room where users will roam and jack things up with local shell access) ^_-
- bacirriu, on 10/12/2007, -2/+0
I'm using 2.6.16 on my gentoo, syncing portage takes too damn long, so I'll forget that :D
Where's the exploit, I wanna DoS myself ;)
- Gyga, on 10/12/2007, -11/+6
@ Burke,
If they are local they can turn the whole machine off (I don't have to enter a password to do that). Or even hit the physical power button.
- bugmenot69, on 10/12/2007, -10/+5
sshd is a server...
- bsoric, on 10/12/2007, -19/+2
EDIT: Ignore/Downvote this post, submitted it wrong
- ivachen, on 10/12/2007, -23/+5
FUD