Hi, 2011/5/18 Adam Williamson <awilliam@xxxxxxxxxx>: > On Wed, 2011-05-18 at 19:14 +0200, J B wrote: >> Hi, >> >> > I don't know if anyone >> > would want to go as far as making DoS vulns release blocking, but speak >> > up if you would! (Of course there is again the local/remote distinction >> > to consider there: 'all DoS vulns' would be a much tighter standard than >> > 'remote DoS vulns'). >> >> I think the "use of a live image shipped with the release" scenario is >> worth rethinking due to the following: >> >> you talk about a *local* DoS - that's technically true. >> But you know it can be triggered remotely e.g. if you are exposed to >> Internet (nowadays almost everybody is), and the attacker knows the nature >> of vulnerability, and what OS area can be hit to do the maximum damage >> (the price can be very attractive - e.g. the issue raised today by me regarding >> /run/user and /dev/shm and systemd, which is perhaps the most important >> system program after kernel itself). >> So, even a local DoS could qualify for a security blocker. > > Um, to my understanding, your reasoning is flawed. The definition of a > 'local' vulnerability is one which requires console access to exploit. > What you're talking about would not be possible with a 'local exploit', > as the term is usually understood; these can't be exploited by a remote > attacker even if you're 'exposed to Internet'. As far as I'm aware, > the /dev/shm DoS cannot be exploited by a remote attacker. This is exploitable if you have a broken web app. With attached sample script (url: test2.php?file=/dev/shm/test.dat) I can create a file in /dev/shm/. (my devel system is not very secure :)) > -- > Adam Williamson > Fedora QA Community Monkey > IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org > http://www.happyassassin.net > > -- > test mailing list > test@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe: > https://admin.fedoraproject.org/mailman/listinfo/test > -- Best regards, Michal http://eventhorizon.pl/
Attachment:
test2.php
Description: application/httpd-php
-- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
