I tried to run this:

:(){ :&:;};:

as a non-root user on my CentOS 4 box, and it brought the box to its knees.

Take care.

str
This is a known issue in many Linux distros:
http://www.securityfocus.com/columnists/308

str tux wrote:
> I tried to run this:
>
> :(){ :&:;};:
>
> as a non-root user on my CentOS 4 box, and it brought the box to its knees.
>
> Take care.
>
> str
> _______________________________________________
> CentOS mailing list
> CentOS@caosity.org
> http://lists.caosity.org/mailman/listinfo/centos

-- 
Computer Housecalls, Networks, Security, Web Design: http://www.emmanuelcomputerconsulting.com
My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.
-- carpe ductum -- "Grab the tape"
CDTT (Certified Duct Tape Technician)
Linux user #322099
Machines: 206822 256638 276825 http://counter.li.org/
If you install SELinux and configure it well, you can minimize the effect of this bomb.

BTW: this is a "normal" sequence of shell commands, which forks a new shell, which forks a new shell, ... etc. :-)

William Warren wrote:
> This is a known issue in many Linux distros:
> http://www.securityfocus.com/columnists/308
>
> str tux wrote:
>> I tried to run this:
>>
>> :(){ :&:;};:
>>
>> as a non-root user on my CentOS 4 box, and it brought the box to its knees.
>>
>> Take care.
>>
>> str
On Sat, 19 Mar 2005, str tux wrote:
> I tried to run this:
>
> :(){ :&:;};:
>
> as a non-root user on my CentOS 4 box, and it brought the box to its knees.

It looks like a longstanding stupid local-user geek trick -- where is the news? A talented local user is a BOFH's worst nightmare and favorite victim.

If you cannot trust a local-context user who can submit command-line content, you are dead anyway. It is a given that one wants to be, rather than compute under, a BOFH.

-- Russ Herrold
R P Herrold wrote:
> On Sat, 19 Mar 2005, str tux wrote:
>> I tried to run this:
>>
>> :(){ :&:;};:
>>
>> as a non-root user on my CentOS 4 box, and it brought the box to its knees.
>
> It looks like a longstanding stupid local-user geek trick -- where is
> the news? A talented local user is a BOFH's worst nightmare and
> favorite victim.

And don't forget you can ulimit a user. And yes, a real local user is a real pain in the ass if you don't trust him/her. Not to mention the "users" who run the commands: just look at how many times a webserver gains a shell and runs scripts etc. after a bug, just like the phpBB ones. SELinux helps either way.

bye,
Ago
ulimit doesn't help you too much, because it "eats" processor time on hard-disk access (after some time it will use the cache, but...), forking processes, exec'ing processes, killing processes, etc., so other users will see a totally overloaded server. If someone can kill the process at the root of the chain, all will be OK.

Deim Ágoston wrote:
> R P Herrold wrote:
>> On Sat, 19 Mar 2005, str tux wrote:
>>> I tried to run this:
>>>
>>> :(){ :&:;};:
>>>
>>> as a non-root user on my CentOS 4 box, and it brought the box to its knees.
>>
>> It looks like a longstanding stupid local-user geek trick -- where is
>> the news? A talented local user is a BOFH's worst nightmare and
>> favorite victim.
>
> And don't forget you can ulimit a user. And yes, a real local user is a
> real pain in the ass if you don't trust him/her. Not to mention the
> "users" who run the commands: just look at how many times a webserver
> gains a shell and runs scripts etc. after a bug, just like the phpBB ones.
> SELinux helps either way.
> bye,
> Ago
On Sat, 19 Mar 2005, Deim Ágoston wrote:
>>> and it brought the box to its knees.
>>
>> It looks like a longstanding stupid local-user geek trick -- where is the
>> news? A talented local user is a BOFH's worst nightmare and favorite
>> victim.
>
> And don't forget you can ulimit a user. And yes, a real local user is a real

I think the point of the upstream exploit code is that some shipped kernel configurations did not loop this through the ulimit checks.

- Russ Herrold
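The thread leans on three things without showing them: that "ulimit a user" means the per-uid process limit RLIMIT_NPROC (what `ulimit -u` sets) which makes fork() fail with EAGAIN, that the check is skipped for root (and for CAP_SYS_RESOURCE / CAP_SYS_ADMIN) so it only protects against unprivileged bombs, and that to clean up a forking chain you must stop every process before you start killing, or the survivors refill the gap. The following C program is an added example written for this page, not code from the thread or from CentOS; it lowers its own soft RLIMIT_NPROC, forks idle children until the kernel refuses, then freezes and kills them. The limit of 8 and the cap MAX_ATTEMPTS are illustrative assumptions; the cap is what keeps this a bounded demonstration rather than a real fork bomb. Run it as an ordinary user on Linux to see the refusal; as root the limit is not applied and the loop simply stops at the cap.

```c
/* fork_limit_demo.c: added example (not from the thread). Shows what
 * `ulimit -u` (RLIMIT_NPROC) actually does to fork(), that root is exempt,
 * and the SIGSTOP-then-SIGKILL cleanup order for a process chain.
 * MAX_ATTEMPTS and the limit passed from main() are illustrative. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_ATTEMPTS 48   /* assumption: cap that keeps this a bounded demo */

struct fork_result {
    int attempted;       /* fork() calls made */
    int succeeded;       /* children actually created */
    int refused;         /* fork() failures with EAGAIN (a limit was hit) */
    int other_failures;  /* fork() failures for any other reason */
    int reaped;          /* children collected after cleanup */
    int limit_enforced;  /* 1 if a fork was refused before the cap */
};

/* Lower the soft RLIMIT_NPROC for this process (lowering the soft limit
 * needs no privilege), fork idle children until fork() is refused or
 * MAX_ATTEMPTS is reached, then contain them and restore the old limit. */
struct fork_result fork_until_refused(rlim_t nproc_limit)
{
    struct fork_result r = {0, 0, 0, 0, 0, 0};
    struct rlimit old, lim;
    pid_t kids[MAX_ATTEMPTS];

    if (getrlimit(RLIMIT_NPROC, &old) != 0)
        return r;
    lim = old;
    if (lim.rlim_max != RLIM_INFINITY && nproc_limit > lim.rlim_max)
        nproc_limit = lim.rlim_max;       /* soft limit cannot exceed hard */
    lim.rlim_cur = nproc_limit;
    if (setrlimit(RLIMIT_NPROC, &lim) != 0)
        return r;

    while (r.attempted < MAX_ATTEMPTS) {
        r.attempted++;
        pid_t pid = fork();
        if (pid < 0) {
            if (errno == EAGAIN) {        /* RLIMIT_NPROC (or a cgroup pid cap) hit */
                r.refused++;
                r.limit_enforced = 1;
            } else {
                r.other_failures++;
            }
            break;                        /* one refusal is what we came to see */
        }
        if (pid == 0) {
            /* Child: sit idle until killed. A real fork bomb would fork
             * again here; this one deliberately does not. */
            for (;;)
                pause();
        }
        kids[r.succeeded++] = pid;
    }

    /* Containment order matters against a real bomb: SIGSTOP every process
     * first so none can fork into the gap, then SIGKILL them. As an admin
     * the same idea is: pkill -STOP -u <user>; pkill -KILL -u <user> */
    for (int i = 0; i < r.succeeded; i++)
        kill(kids[i], SIGSTOP);
    for (int i = 0; i < r.succeeded; i++)
        kill(kids[i], SIGKILL);
    for (int i = 0; i < r.succeeded; i++)
        if (waitpid(kids[i], NULL, 0) == kids[i])
            r.reaped++;

    setrlimit(RLIMIT_NPROC, &old);        /* put the caller's limit back */
    return r;
}

int main(void)
{
    struct fork_result r = fork_until_refused(8);   /* 8: illustrative limit */
    printf("uid %u: attempted %d, created %d, refused %d, other failures %d, "
           "reaped %d, limit %s\n",
           (unsigned)getuid(), r.attempted, r.succeeded, r.refused,
           r.other_failures, r.reaped,
           r.limit_enforced ? "enforced" : "not enforced (exempt uid/capability, or cap reached)");
    return 0;
}
```

As a non-root user the kernel refuses the fork once the uid owns as many processes as the limit allows, so the count of created children stays below 8 (the parent itself counts, as do any other processes of that uid). As root the same program creates all 48 children and reports the limit as not enforced, which is the gap ulimit cannot close and why the thread's SELinux and "freeze, then kill" remarks still matter.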