
Re: [linux-security] denial of service attack on login



Hmm, I can imagine utmp being locked this way, but is it worth it for wtmp?
All login does is add an entry to the end...

Linux lacks the updwtmp{,x}() calls which SVR4 provides as a packaged way to 
update wtmp.  My local login code when on Linux just does (basically):

    if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
      (void)write(fd, (char *)ut, sizeof(struct utmp));
      (void)close(fd);
    }

and I've seen no problems so far (we don't care about the order of the writes, 
and the worst that can happen is a couple of corrupt wtmp entries).

Of course this "denial of service" doesn't stop someone connecting by rcmd or 
rexec, so it can be detected and fixed.

[mod: You can't assume that everybody is running rcmd/rexec. There
are good, security related, reasons for not running those.... -- REW]

 -- Jon
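
The unlocked append described in the message above, as an added example that is not part of the original post: it checks for short writes and shows that the append still completes while another descriptor holds an exclusive lock on the file. It assumes the lock is an advisory `flock()`; the names `wtmp_append` and `demo_append_while_locked` and the scratch file path are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>
#include <utmp.h>

/* Append one record without taking any lock on the file.
 * O_APPEND makes the kernel position each write at the current end of file.
 * Returns 0 on success, -1 on open failure, short write or close failure. */
int wtmp_append(const char *path, const struct utmp *ut)
{
    int fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, ut, sizeof *ut);
    int rc = (n == (ssize_t)sizeof *ut) ? 0 : -1;
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

/* Constructed demo: one descriptor holds LOCK_EX on a scratch file while
 * wtmp_append() writes two records through its own descriptor.
 * Returns the number of whole records in the file, or -1 on any failure. */
long demo_append_while_locked(void)
{
    char path[] = "/tmp/wtmp-demo-XXXXXX";   /* scratch file, not the real wtmp */
    int lockfd = mkstemp(path);
    if (lockfd < 0)
        return -1;
    struct utmp ut;
    struct stat st;
    long records = -1;
    memset(&ut, 0, sizeof ut);
    ut.ut_type = USER_PROCESS;               /* constructed sample record */
    strncpy(ut.ut_user, "demo", sizeof ut.ut_user - 1);
    strncpy(ut.ut_line, "pts/9", sizeof ut.ut_line - 1);
    if (flock(lockfd, LOCK_EX) == 0 &&       /* the lock holder */
        wtmp_append(path, &ut) == 0 && wtmp_append(path, &ut) == 0 &&
        stat(path, &st) == 0 && st.st_size % (off_t)sizeof ut == 0)
        records = (long)(st.st_size / (off_t)sizeof ut);
    close(lockfd);
    unlink(path);
    return records;
}

int main(void) { printf("%ld records\n", demo_append_while_locked()); return 0; }
```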


