On Wed, 07 Apr 2021 19:51:51 +0200, John Wood said:

> When brute detects a brute force attack through the fork system call
> (killing p3) it will mark the binary file executed by p3 as "not allowed".
> From now on, any execve that tries to run this binary will fail. This way it
> is not necessary to notify nothing to userspace and also we avoid an exec
> brute force attack due to the respawn of processes [2] by a supervisor
> (abused or not by a bad guy).

You're not thinking evil enough. :)

I didn't even finish the line that starts "From now on.." before I started wondering "How can I abuse this to hang or crash a system?" And it only took me a few seconds to come up with an attack. All you need to do is find a way to sigsegv /bin/bash... and that's easy to do by forking, execve /bin/bash, and then use ptrace() to screw the child process's stack and cause a sigsegv.

Say goodnight Gracie...