First of all, I must say that OpenNT is a wonderful product. It works really fine and it really surprises me every day. My posting here was ONLY intended to make people aware of something I found and tested, not to shoot a product.

> There's two things wrong with this. First, it's hardly a DoS attack when you
> had to authenticate yourself to the system to make the attack. If an admin
> saw several dozen instances of a Win32 app belonging to user Nemo, said
> admin could simply call up Nemo and yell at him for sucking up memory.
> There's no anonymous attack here; no username/password, no access.

That's true. This is not a DoS attack in a traditional way. I mean, it's not like 'teardrop', 'nestea' or whatever. But it could be a problem for those systems offering anonymous or guest telnet access: a guest user could log into the system and hang it. You are also right when you say that I, the sysadmin, can face a registered user who is trying to kill my system. But anyway, there's a lack of inner security and it's also possible for a user to hang the computer before being caught.

> Second, the Win32 GUI app is running just fine, in a non-displayed Windows
> Station. It is consuming some resources, but mostly swap space; no CPU time,
> once the app has started up and is waiting for user input. A user with
> appropriate privileges (say, Administrator) should be able to use TKILL.EXE
> or the Task Manager or any other appropriate utility to shoot the
> non-visible GUI app. Certainly, Nemo could log back on via telnet and shoot
> his own non-visible GUI app via tkill.

I'm sorry, but I can't agree with this. I am the system administrator and I tested it thoroughly before I sent my first post, and I have tested again before sending this new one. I have tried the experiment from accounts with different access rights, even administrative ones, and NO ONE on the system (Administrators included) could kill the process. They seem to be "protected" system tasks. They may inherit this property from their parent POSIX processes. I couldn't find any file called TKILL.EXE, so I tried to kill them through the Task Manager and the kill command, but none of them were able to free the resources.

You say there's no CPU use... I must say this is not what I have suffered. Sorry, but there IS CPU hogging. Its use rises to 100% and kernel activity rises to 50% forever. Finally the foreground work turns horrible and the operation turns impossible.

{Nemo}

---------------------------------------
Nemo - n3m0at_private
BlackBrains Security Team member
http://www.thepentagon.com/blackbrains/
http://blackbrains.onlinet.com
---------------------------------------