linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Oleg Drokin <green@namesys.com>
To: Fredrik Tolf <fredrik@dolda2000.cjb.net>
Cc: linux-kernel@vger.kernel.org
Subject: Re: PTY DOS vulnerability?
Date: Tue, 1 Jul 2003 10:22:42 +0400	[thread overview]
Message-ID: <20030701062242.GA7998@namesys.com> (raw)
In-Reply-To: <200306301613.11711.fredrik@dolda2000.cjb.net>

Hello!

On Mon, Jun 30, 2003 at 04:18:36PM +0200, Fredrik Tolf wrote:
> Has someone considered PTYs as a possible attack vector for DOS 
> attacks? Correct me if I'm wrong, but cannot someone just open 
> all available PTYs on a console-less server and make everyone 
> unable to log in?

ability to login != availability of free ptys.

> I mean, what if eg. apache is hacked, and the first thing the 
> attacker does is to tie up all PTYs, so that noone can log in to 
> correct the situation while the attacker can go about his 
> business? Then the only possible solution would be to reboot the 
> server, which might very well not be desirable.

Nope.
slogin someuser@someserver "/bin/bash -i"
will let you in even if you do not have a single pty free. Try it.
If course job control won't work and other minor things are there,
but still this is enough to e.g kill apache and all of its children in your case.

> Shouldn't PTYs be a per-user resource limit?

This one is still interesting, though.

Bye,
    Oleg

  parent reply	other threads:[~2003-07-01  6:09 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-06-30 14:18 PTY DOS vulnerability? Fredrik Tolf
2003-06-30 17:55 ` Alan Cox
2003-06-30 21:31   ` Fredrik Tolf
2003-06-30 21:36     ` Alan Cox
2003-07-01 12:15       ` Jesse Pollard
2003-07-01 13:41       ` Timothy Miller
2003-07-01  6:22 ` Oleg Drokin [this message]
2003-07-01 11:57 ` Jesse Pollard
2003-07-01 19:53   ` Helge Hafting
2003-07-02  6:42     ` Paul Rolland
2003-07-03  1:14     ` Jesse Pollard
2003-07-03  1:52       ` H. Peter Anvin
2003-07-08 23:11 Clayton Weaver
2003-07-09 10:08 ` Svein Ove Aas

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20030701062242.GA7998@namesys.com \
    --to=green@namesys.com \
    --cc=fredrik@dolda2000.cjb.net \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).