Re: Possible DoS in rsh

From: Nick Andrew (nickat_private)
Date: Thu Oct 08 1998 - 17:08:46 PDT

Next message: Kevin Lindsay: "Secure Locate v1.0"

Previous message: Max Vision: "more Netscape 4.07 javascript security"
Maybe in reply to: Shivan Dragon: "Possible DoS in rsh"
Next in thread: Henrik Nordstrom: "Re: Possible DoS in rsh"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In message <199810061943.PAA28852at_private>, Shivan Dragon writes:
>I don't know if this has been posted before so here it is. If you link your
>.rhosts file (or hosts.equiv?) to /dev/zero. When you try to rsh it tried to
>read /dev/zero that is of infinate length.

Programs (esp. daemons) which run as root should refuse to read control
files which are symlinks (and home directories should not be on the same
partition as /dev!).

A similar DoS may be possible by symlinking .forward, .qmail, .plan etc.

Nick.

Next message: Kevin Lindsay: "Secure Locate v1.0"
Previous message: Max Vision: "more Netscape 4.07 javascript security"
Maybe in reply to: Shivan Dragon: "Possible DoS in rsh"
Next in thread: Henrik Nordstrom: "Re: Possible DoS in rsh"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:01 PDT