PTY DOS vulnerability?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Peter Wong: "Evaluation of three I/O schedulers"
• Previous message: James Bottomley: "Re: [PATCH] fix for kallsyms module symbol resolution problem"
• Next in thread: Alan Cox: "Re: PTY DOS vulnerability?"
• Reply: Alan Cox: "Re: PTY DOS vulnerability?"
• Reply: Oleg Drokin: "Re: PTY DOS vulnerability?"
• Reply: Jesse Pollard: "Re: PTY DOS vulnerability?"
• Reply: Timothy Miller: "Re: PTY DOS vulnerability?"
• Reply: H. Peter Anvin: "Re: PTY DOS vulnerability?"

I mean, what if eg. apache is hacked, and the first thing the
attacker does is to tie up all PTYs, so that noone can log in to
correct the situation while the attacker can go about his
business? Then the only possible solution would be to reboot the
server, which might very well not be desirable.

If you want proof of concept code, look at
http://www.dolda2000.cjb.net/~fredrik/ptmx.c
I successfully ran this on one of my servers which effectively
disabled anyone from logging in via SSH.

Shouldn't PTYs be a per-user resource limit?

Someone must have thought of this before me, right? How am I
wrong?

Fredrik Tolf

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Peter Wong: "Evaluation of three I/O schedulers"
• Previous message: James Bottomley: "Re: [PATCH] fix for kallsyms module symbol resolution problem"
• Next in thread: Alan Cox: "Re: PTY DOS vulnerability?"
• Reply: Alan Cox: "Re: PTY DOS vulnerability?"
• Reply: Oleg Drokin: "Re: PTY DOS vulnerability?"
• Reply: Jesse Pollard: "Re: PTY DOS vulnerability?"
• Reply: Timothy Miller: "Re: PTY DOS vulnerability?"
• Reply: H. Peter Anvin: "Re: PTY DOS vulnerability?"