Re: [suse-security] Recursive Shellscript
Moin, Quoting Peer-Christoph Mettelem (Peer-Christoph.Mettelem@bezreg-muenster.nrw.de) on Mon, Apr 23, 2001 at 09:48:12AM +0200:
Hi,
I just wrote a shell script which looks like this: while true do $0 done
I executed it as normal user and then the following happened: As you can imagine, very many shells were started (i wasn't able to count them because the system wasnt responding any more). And then the system started killing system processes like X and smbd. I got the following output on console 10: Apr 23 09:11:54 AlBundy kernel: VM: killing process kmail Apr 23 09:12:52 AlBundy kernel: VM: killing process smbd Apr 23 09:13:03 AlBundy kernel: VM: killing process smbd Apr 23 09:13:05 AlBundy kernel: VM: killing process xconsole Apr 23 09:13:13 AlBundy kernel: VM: killing process X
The system recovered itself by killing X. That worked because i started the script from a shell in KDE. But if the script would be started within a telnet session, it could be more dangerous.
I don't know if this is a security hole, but it might be.
This is a security hole if you ask me. Especially when seeing a non privileged user process eating up resources quickly. That should not happen, even without explicit ulimits. AIX had the same problem some yaers ago, then the changed the algorithm for killing processes in that situation and nowadays it seems to be killing the offender most of the time. Time for a kernel change me thinks. afx -- atsec information security GmbH Phone: +49-89-44249830 Steinstrasse 68 Fax: +49-89-44249831 D-81667 Muenchen, Germany WWW: www.atsec.com May the Source be with you!
Hi, i just tried again what happens, when i run the script. This time the server wasn't able to recover itself. After 2 minutes the system was nearly down and after about two hours it had to be rebooted. I think all those web-space providers which offer access to cgi are *very* vulnerable. Peer-Christoph Mettelem
Hi,
i just tried again what happens, when i run the script. This time the server wasn't able to recover itself. After 2 minutes the system was nearly down and after about two hours it had to be rebooted. I think all those web-space providers which offer access to cgi are *very* vulnerable.
Actually no, most of the good ones are not vulnerable. They put in user limits and the audit your cgi scripts before they are installed. Ok I found a serious bug in suse. When I hit my server with a hammer a lot suse stops working. I want a fix NOW. I think this is a serious problem for anyone running suse!
Peer-Christoph Mettelem
-Kurt
Hi,
i just tried again what happens, when i run the script. This time the server wasn't able to recover itself. After 2 minutes the system was nearly down and after about two hours it had to be rebooted. I think all those web-space providers which offer access to cgi are *very* vulnerable.
Actually no, most of the good ones are not vulnerable. They put in user limits and the audit your cgi scripts before they are installed.
Ok I found a serious bug in suse. When I hit my server with a hammer a lot suse stops working. I want a fix NOW. I think this is a serious problem for anyone running suse!
Peer-Christoph Mettelem
-Kurt
Yeah, I tried it at my office server, and this one is vulnerable to this failure too. (Used a 300g hammer and Kernel 2.2.18) Because of the very heavy system crash I haven't reproduced it with kernel 2.4.3, but I think this one is vulnerable too. Seems to be a kernel problem, we should inform Linus. Back to reality: Performing this failure with cgi scripts on public web servers won't work in most cases, as Kurt pointed out. But if my users in my company log in and start a script with such an error (erroneously! ) and give me a DoS - this is definitely a vulnerability! I never tested the script, but such a recursion error could happen very fast. Ralf P.S.: Sorry, Kurt, for sending the mail directly to you. It's late and I haven't changed the address. * * Ralf 'coko' Koch * mailto:info@formel4.de * --- Drücken Sie auf Abbrechen zum Fortfahren
participants (4)
-
Andreas Siegert
-
Kurt Seifried
-
Peer-Christoph Mettelem
-
Ralf Koch