From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 12 Aug 2001 21:28:05 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 12 Aug 2001 21:27:55 -0400
Received: from lanm-pc.com ([64.81.97.118]:53241 "EHLO golux.thyrsus.com") by vger.kernel.org with ESMTP id ; Sun, 12 Aug 2001 21:27:10 -0400
Date: Sun, 12 Aug 2001 21:24:30 -0400
From: "Eric S. Raymond"
To: Linux Kernel List
Subject: S2464 (K7 Thunder) hangs -- some lessons learned
Message-ID: <20010812212430.A9300@thyrsus.com>
Reply-To: esr@thyrsus.com
Mail-Followup-To: "Eric S. Raymond" , Linux Kernel List
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Organization: Eric Conspiracy Secret Labs
X-Eric-Conspiracy: There is no conspiracy
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Alas, the 2.4.8+ emu10k1 driver does not completely banish the K7 Thunder lockups problem. It makes them a lot rarer, though, and enabled us to get to the next level of diagnosis. More from the article in progress:

But as it turned out, the story didn't end there. The 2.4.8+ driver doesn't completely banish the hangs; early in the morning of the third day, while I was asleep, Gary tripped over a way to re-induce them by logging into the machine via ssh while an X build is running.

I didn't yet know this when I next read my mail and saw a report from Jeffrey Ingber of the linux-kernel list that he had continued to see emu10k1 lockups after installing 2.4.8 -- but that they were banished by the ALSA drivers.

Further testing proved, in fact, that the presence of the SB Live! in the machine can make it vulnerable to lockups triggered by network activity even when the emu10k1 support is not configured in at all! This takes the operating system out of the picture and suggests a hardware- or BIOS-level problem.

Our suspicions were immediately directed to PCI IRQ sharing, a well-known source of lossage. Upon investigation (via /proc/pci), we discovered that the IRQ assignments looked distinctly dubious. IRQs shared between on-board devices didn't bother us; we presumed the board designers had been smart enough to avoid conflicts. But IRQs shared between on-board and daughtercard devices looked like they might be part of the problem.

Unlike some other PCI BIOSes, the S2464's doesn't give you the capability to wire IRQs to specific card slots. While looking for this, however, we found a BIOS setting that seemed relevant -- "Use PCI Interrupt Entries In MP Table". When we switched it to `Yes', rebooted, and looked at /proc/pci, the IRQ assignments looked a lot saner -- and when we tested, the ssh hang was gone!

OK, so the lessons here are:

1. The S2464 needs to be configured with "Use PCI Interrupt Entries In MP Table" for sanity to prevail, and

2. When you see a box hang that's clearly related to a daughtercard, *run* (do not walk) to your local /proc directory, cat /proc/pci and check out the IRQ assignments.

I'm not certain we've nailed the entire problem yet -- we still need to test with the emu10k1 sound driver linked in. But it's looking pretty good.

BTW, somebody mailed me an explanation of that BIOS setting ("Use PCI Interrupt Entries In MP Table") but I managed to lose it. Whoever you are, could you remail? I want to include some sort of explanation in the article.
--
Eric S. Raymond

The people cannot delegate to government the power to do anything which would be unlawful for them to do themselves.
-- John Locke, "A Treatise Concerning Civil Government"

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 12 Aug 2001 21:46:15 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 12 Aug 2001 21:46:05 -0400
Received: from cx570538-a.elcjn1.sdca.home.com ([24.5.14.144]:13440 "EHLO keroon.dmz.dreampark.com") by vger.kernel.org with ESMTP id ; Sun, 12 Aug 2001 21:45:52 -0400
Message-ID: <3B77302C.96C79272@randomlogic.com>
Date: Sun, 12 Aug 2001 18:41:00 -0700
From: "Paul G. Allen"
Organization: Akamai Technologies, Inc.
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.7-ac10 i686)
X-Accept-Language: en
MIME-Version: 1.0
CC: Linux Kernel List
Subject: Re: S2464 (K7 Thunder) hangs -- some lessons learned
In-Reply-To: <20010812212430.A9300@thyrsus.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: unlisted-recipients:; (no To-header on input)@localhost.localdomain
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

(Small note. The K7 Thunder is S2462, unless there is another, possibly newer, version released?)

"Eric S. Raymond" wrote:
> [SNIP]
>
> OK, so the lessons here are:
>
> 1. The S2464 needs to be configured with "Use PCI Interrupt Entries In MP
> Table" for sanity to prevail, and

I have been running my K7 in this mode since purchase. Could this be why I see no SB Live!/ EMU10K problems (though I am running 2.4.7 kernels now)?

>
> 2. When you see a box hang that's clearly related to a daughtercard, *run*
> (do not walk) to your local /proc directory, cat /proc/pci and check out
> the IRQ assignments.

Problem is, when it does hang, I can't get there as the system is completely locked, including ssh and telnet.

PGA
--
Paul G. Allen
UNIX Admin II/Network Security
Akamai Technologies, Inc.
www.akamai.com

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 01:13:19 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 01:13:09 -0400
Received: from [24.159.204.122] ([24.159.204.122]:54030 "EHLO tweedle.cabbey.net") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 01:12:57 -0400
Date: Mon, 13 Aug 2001 00:12:43 -0500 (CDT)
From: Christopher Abbey
To: Linux Kernel List
Subject: Re: S2464 (K7 Thunder) hangs -- some lessons learned
In-Reply-To: <3B77302C.96C79272@randomlogic.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Yesterday, Paul G. Allen wrote:
> > 2. When you see a box hang that's clearly related to a daughtercard, *run*
> > (do not walk) to your local /proc directory, cat /proc/pci and check out
> > the IRQ assignments.

lspci -vvv is also useful.

> Problem is, when it does hang, I can't get there as the system is
> completely locked, including ssh and telnet.

But the point is to go look at the pci interrupt assignments *before* the hang occurs. I've seen the same situation, where two devices are sharing an interrupt, one on the mobo, the other in a PCI slot... it's never been a good thing in my experience. As Eric pointed out if they're both on the mobo you have to hope the designers built the hardware to handle that, or if they're both in pci slots you can usually expect the cards will play well with others. It's the third case that's trouble, and then it's time to do as Eric did - get into the bios and change the assignments (or in this case something that would cause a change to happen).
--
now the forces of openness have a powerful and unexpected new ally - http://ibm.com/linux

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 08:32:26 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 08:32:16 -0400
Received: from router-100M.swansea.linux.org.uk ([194.168.151.17]:26116 "EHLO the-village.bc.nu") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 08:32:01 -0400
Subject: Re: S2464 (K7 Thunder) hangs -- some lessons learned
To: esr@thyrsus.com
Date: Mon, 13 Aug 2001 13:34:30 +0100 (BST)
Cc: linux-kernel@vger.kernel.org (Linux Kernel List)
In-Reply-To: <20010812212430.A9300@thyrsus.com> from "Eric S. Raymond" at Aug 12, 2001 09:24:30 PM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:
From: Alan Cox
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

> Alas, the 2.4.8+ emu10k1 driver does not completely banish the K7 Thunder
> lockups problem. It makes them a lot rarer, though, and enabled us to get to
> the next level of diagnosis.

What version of the chipset do you have? The current ones can hang the PCI bus during IDE transfers if you have IDE read/write prefetch enabled in the bios setup.

It also has problems with the APIC implementation where an IRQ masked in the APIC re-occurs which can hang the system. Worrying this one is marked 'nofix'.
You might want to try running "noapic"

Alan

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 11:21:34 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 11:21:24 -0400
Received: from [65.100.125.89] ([65.100.125.89]:62962 "EHLO golux.thyrsus.com") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 11:21:14 -0400
Date: Mon, 13 Aug 2001 11:18:50 -0400
From: "Eric S. Raymond"
To: Alan Cox
Cc: Linux Kernel List
Subject: Re: S2464 (K7 Thunder) hangs -- some lessons learned
Message-ID: <20010813111850.D21008@thyrsus.com>
Reply-To: esr@thyrsus.com
Mail-Followup-To: "Eric S. Raymond" , Alan Cox , Linux Kernel List
In-Reply-To: <20010812212430.A9300@thyrsus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from alan@lxorguk.ukuu.org.uk on Mon, Aug 13, 2001 at 01:34:30PM +0100
Organization: Eric Conspiracy Secret Labs
X-Eric-Conspiracy: There is no conspiracy
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Alan Cox :
> > Alas, the 2.4.8+ emu10k1 driver does not completely banish the K7 Thunder
> > lockups problem. It makes them a lot rarer, though, and enabled us to get
> > to the next level of diagnosis.
>
> What version of the chipset do you have? The current ones can hang
> the PCI bus during IDE transfers if you have IDE read/write prefetch
> enabled in the bios setup.

I don't know what version we have. Is there a way to query it through /proc?

We have IDE disabled in the BIOS, so we're not likely to see this bug.

> It also has problems with the APIC implementation where an IRQ masked in
> the APIC re-occurs which can hang the system. Worrying this one is marked
> 'nofix'. You might want to try running "noapic"

I'll bear that in mind if the lockups recur.

I'll copy this to Gary, who might find himself building IDE systems around this board.
--
Eric S. Raymond

"America is at that awkward stage. It's too late to work within the system, but too early to shoot the bastards." -- Claire Wolfe

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 11:44:09 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 11:43:58 -0400
Received: from router-100M.swansea.linux.org.uk ([194.168.151.17]:19462 "EHLO the-village.bc.nu") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 11:43:49 -0400
Subject: Re: S2464 (K7 Thunder) hangs -- some lessons learned
To: esr@thyrsus.com
Date: Mon, 13 Aug 2001 16:46:20 +0100 (BST)
Cc: alan@lxorguk.ukuu.org.uk (Alan Cox), linux-kernel@vger.kernel.org (Linux Kernel List)
In-Reply-To: <20010813111850.D21008@thyrsus.com> from "Eric S. Raymond" at Aug 13, 2001 11:18:50 AM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:
From: Alan Cox
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

> I don't know what version we have. Is there a way to query it through /proc?

You need to look at the lspci hex data. There's an errata document for the MP chipset on www.amd.com if you really want to scare yourself 8)

Alan
--
"Have you noticed the way people's intelligence capabilities decline sharply the minute they start waving guns around?"
-- Dr. Who

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 11:54:58 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 11:54:48 -0400
Received: from [65.100.125.89] ([65.100.125.89]:54515 "EHLO golux.thyrsus.com") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 11:54:36 -0400
Date: Mon, 13 Aug 2001 11:52:14 -0400
From: "Eric S. Raymond"
To: Alan Cox
Cc: Linux Kernel List
Subject: Re: S2464 (K7 Thunder) hangs -- some lessons learned
Message-ID: <20010813115214.A23591@thyrsus.com>
Reply-To: esr@thyrsus.com
Mail-Followup-To: "Eric S. Raymond" , Alan Cox , Linux Kernel List
In-Reply-To: <20010813111850.D21008@thyrsus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from alan@lxorguk.ukuu.org.uk on Mon, Aug 13, 2001 at 04:46:20PM +0100
Organization: Eric Conspiracy Secret Labs
X-Eric-Conspiracy: There is no conspiracy
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Alan Cox :
> You need to look at the lspci hex data. There's an errata document for the
> MP chipset on www.amd.com if you really want to scare yourself 8)

Is there a more formal name for the chipset than just "760"?

> "Have you noticed the way people's intelligence capabilities decline
> sharply the minute they start waving guns around?"
> -- Dr. Who

People who wave guns around to coerce others don't think they *have* to be intelligent, so they stop thinking. Unfortunately, they're right in the short term often enough to make it almost useless that they're always wrong in the long term. Sigh...
--
Eric S. Raymond

Everything you know is wrong. But some of it is a useful first approximation.

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 11:58:48 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 11:58:39 -0400
Received: from router-100M.swansea.linux.org.uk ([194.168.151.17]:36358 "EHLO the-village.bc.nu") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 11:58:22 -0400
Subject: Re: S2464 (K7 Thunder) hangs -- some lessons learned
To: esr@thyrsus.com
Date: Mon, 13 Aug 2001 17:00:54 +0100 (BST)
Cc: alan@lxorguk.ukuu.org.uk (Alan Cox), linux-kernel@vger.kernel.org (Linux Kernel List)
In-Reply-To: <20010813115214.A23591@thyrsus.com> from "Eric S. Raymond" at Aug 13, 2001 11:52:14 AM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:
From: Alan Cox
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

> Alan Cox :
> > You need to look at the lspci hex data. There's an errata document for the
> > MP chipset on www.amd.com if you really want to scare yourself 8)
>
> Is there a more formal name for the chipset than just "760"?

http://www.amd.com/products/cpg/athlon/techdocs/index.html#chipset

It's the AMD760tm MP - really

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 15:07:16 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 15:06:56 -0400
Received: from NS.iNES.RO ([193.230.220.1]:49335 "EHLO smtp.ines.ro") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 15:06:51 -0400
Message-ID: <3B7822E5.9AE35D4A@interplus.ro>
Date: Mon, 13 Aug 2001 21:56:37 +0300
From: Mircea Ciocan
Organization: Home Office
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.7-ac2 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Alan Cox
CC: Linux Kernel List
Subject: Is there something that can be done against this ???
X-Priority: 1 (Highest)
In-Reply-To:
Content-Type: multipart/mixed; boundary="------------F2E7C16DFD3A4066C4362A4F"
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

This is a multi-part message in MIME format.
--------------F2E7C16DFD3A4066C4362A4F
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

The attached piece of script kiddie shit is the first one that worked flawlessly on my Mandrake box :((( ( kernel 2.4.7ac2, glibc-2.2.3 ), instant root access !!!.

I was stunned, and it seem that is the beginning of a Linux Code Red lookalike worm :(((( using that exploit, probably this is not the most appropriate place to send this, but I'm not subscribed to the glibc mailing list and I just hope that some glibc hackers are on linux kernel list also and they see that and do something before we join the ranks of M$.

Dead worried,

Mircea C.

P.S. Please tell me that I'm just being paranoid and that crap didn't work on your systems with a lookalike configuration.
--------------F2E7C16DFD3A4066C4362A4F Content-Type: application/x-sh; name="smile.sh" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline; filename="smile.sh" #Simple local shell exploit for Linux/ix86 #This program demonstrates a security problem in ld (the GNU linker) #Written by FAT-KID with "great respect" to all .ro SCRIPT KIDDIES #Greetings: #denied (undernet) = #Fix: No fuckin idea for a good fix... a little sense of humor maybe :) #Eat a frog for more info. #!/bin/bash echo -ne "Creating malicious code... " echo -e "\x23\x69\x6e\x63\x6c\x75\x64\x65\x20\x3c\x73\x74\x64\x69\x6f\x2e= \x68\x3e\n\x23\x69\x6e\x63\x6c\x75\x64\x65\x20\x3c\x73\x74\x64\x6c\x69\x6= 2\x2e\x68\x3e\n\x69\x6e\x74\x20\x67\x65\x74\x75\x69\x64\x28\x29\x20\x7b\x= 20\x72\x65\x74\x75\x72\x6e\x28\x30\x29\x3b\x20\x7d\x20\x69\x6e\x74\x20\x6= 7\x65\x74\x65\x75\x69\x64\x28\x29\x20\x7b\x20\x72\x65\x74\x75\x72\x6e\x28= \x30\x29\x3b\x20\x7d\x20\x69\x6e\x74\x20\x67\x65\x74\x67\x69\x64\x28\x29\= x20\x7b\x20\x72\x65\x74\x75\x72\x6e\x28\x30\x29\x3b\x20\x7d\x20\x69\x6e\x= 74\x20\x67\x65\x74\x65\x67\x69\x64\x28\x29\x20\x7b\x20\x72\x65\x74\x75\x7= 2\x6e\x28\x30\x29\x3b\x20\x7d\x20\x69\x6e\x74\x20\x67\x65\x74\x67\x72\x6f= \x75\x70\x73\x28\x69\x6e\x74\x20\x73\x69\x7a\x65\x2c\x20\x69\x6e\x74\x20\= x6c\x69\x73\x74\x5b\x5d\x29\x20\x7b\x20\x6c\x69\x73\x74\x20\x3d\x20\x28\x= 69\x6e\x74\x20\x2a\x29\x6d\x61\x6c\x6c\x6f\x63\x28\x73\x69\x7a\x65\x6f\x6= 6\x28\x69\x6e\x74\x29\x29\x3b\x20\x72\x65\x74\x75\x72\x6e\x28\x31\x29\x3b= \x20\x7d">/tmp/temp.c sleep 1 echo -ne "done.\nCompiling exploit... " gcc -shared -o /tmp/temp.so /tmp/temp.c rm -rf /tmp/temp.c sleep 1 echo -ne "done.\nExploiting ld...\n" sleep 3 echo -ne "done.\nBug sucessfully exploited. 
\x62\x79\x20\x46\x41\x54\x2d\= x4b\x49\x44\x20\x3c\x61\x74\x6d\x6f\x73\x40\x73\x70\x6f\x30\x66\x65\x64\x= 2e\x63\x6f\x6d\x3e"
echo -e "\n"
export LD_LIBRARY_PATH=3D/tmp LD_PRELOAD=3D/tmp/temp.so bash
rm -rf /tmp/temp.so
--------------F2E7C16DFD3A4066C4362A4F--

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 15:19:56 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 15:19:46 -0400
Received: from unthought.net ([212.97.129.24]:8146 "HELO mail.unthought.net") by vger.kernel.org with SMTP id ; Mon, 13 Aug 2001 15:19:29 -0400
Date: Mon, 13 Aug 2001 21:19:41 +0200
From: =?iso-8859-1?Q?Jakob_=D8stergaard?=
To: Mircea Ciocan
Cc: Linux Kernel List
Subject: Re: Is there something that can be done against this ???
Message-ID: <20010813211941.C32620@unthought.net>
Mail-Followup-To: =?iso-8859-1?Q?Jakob_=D8stergaard?= , Mircea Ciocan , Linux Kernel List
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2i
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro>; from mirceac@interplus.ro on Mon, Aug 13, 2001 at 09:56:37PM +0300
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Aug 13, 2001 at 09:56:37PM +0300, Mircea Ciocan wrote:
> The attached piece of script kiddie shit is the first one that worked
> flawlessly on my Mandrake box :((( ( kernel 2.4.7ac2, glibc-2.2.3 ),
> instant root access !!!.

Try

    echo "gotcha" > /etc/passwd

It will fail. Because you don't have root - it just *looks* like it.

The "malicious" code is:

    #include <stdio.h>
    #include <stdlib.h>
    int getuid() { return(0); }
    int geteuid() { return(0); }
    int getgid() { return(0); }
    int getegid() { return(0); }
    int getgroups(int size, int list[]) { list = (int *)malloc(sizeof(int)); return(1); }

The script spawns a new bash using LD_PRELOAD to override the glibc functions with the above ones.

This does not compromise kernel security in any way whatsoever. Not even close.

You *may* be able to trick a naive user, but he won't be able to do anything bad, because he is not root. Even though he may think he is. And even though bash may think it is.

> I was stunned, and it seem that is the beginning of a Linux Code Red
> lookalike worm :(((( using that exploit, probably this is not the most
> appropriate place to send this, but I'm not subscribed to the glibc
> mailing list and I just hope that some glibc hackers are on linux kernel
> list also and they see that and do something before we join the ranks of
> M$.
>
> Dead worried,

Don't worry.

>
> Mircea C.
>
> P.S. Please tell me that I'm just being paranoid and that crap didn't
> work on your systems with a lookalike configuration.

You're just being paranoid and that crap didn't work on your system either :)

--
................................................................
: jakob@unthought.net : And I see the elder races, :
:.........................: putrid forms of man :
: Jakob Østergaard : See him rise and claim the earth, :
: OZ9ABN : his downfall is at hand. :
:.........................:............{Konkhra}...............:

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 15:24:27 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 15:24:16 -0400
Received: from xilofon.it.uc3m.es ([163.117.139.114]:6272 "EHLO xilofon.it.uc3m.es") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 15:24:03 -0400
From: "Peter T. Breuer"
Message-Id: <200108131924.VAA03520@xilofon.it.uc3m.es>
Subject: Re: Is there something that can be done against this ???
X-ELM-OSV: (Our standard violations) hdr-charset=US-ASCII
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro> "from Mircea Ciocan at Aug 13, 2001 09:56:37 pm"
To: Mircea Ciocan
Date: Mon, 13 Aug 2001 21:24:06 +0200 (CEST)
CC: linux kernel
X-Anonymously-To:
Reply-To: ptb@it.uc3m.es
X-Mailer: ELM [version 2.4ME+ PL89 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

"A month of sundays ago Mircea Ciocan wrote:"
> P.S. Please tell me that I'm just being paranoid and that crap didn't
> work on your systems with a lookalike configuration.

It doesn't work. It just looks like it does to the viewer!

The "exploit" is a loadable shared library that replaces the getuid, geteuid, getgid and getegid functions with dummies that always return 0. So the code in bash that looks up the prompt and all that goes and looks up root's .profile. The result is that you get what looks like a root prompt, and your calls to id return 0 :-)

But it can't really change uid. Try touching a file in / !

Peter

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 15:26:16 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 15:26:07 -0400
Received: from runyon.cygnus.com ([205.180.230.5]:42237 "EHLO cygnus.com") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 15:25:58 -0400
To: Mircea Ciocan
Cc: Alan Cox , Linux Kernel List
Subject: Re: Is there something that can be done against this ???
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro>
Reply-To: drepper@cygnus.com (Ulrich Drepper)
X-fingerprint: BE 3B 21 04 BC 77 AC F0 61 92 E4 CB AC DD B9 5A
X-fingerprint: e6:49:07:36:9a:0d:b7:ba:b5:e9:06:f3:e7:e7:08:4a
From: Ulrich Drepper
Date: 13 Aug 2001 12:19:44 -0700
In-Reply-To: Mircea Ciocan's message of "Mon, 13 Aug 2001 21:56:37 +0300"
Message-ID:
User-Agent: Gnus/5.0807 (Gnus v5.8.7) XEmacs/21.2 (Thelxepeia)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Mircea Ciocan writes:

> The attached piece of script kiddie shit is the first one that worked
> flawlessly on my Mandrake box :((( ( kernel 2.4.7ac2, glibc-2.2.3 ),
> instant root access !!!.

This is a hoax. Try doing something with your "exploited" shell.

--
---------------.                          ,-.   1325 Chesapeake Terrace
Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
Red Hat          `--' drepper at redhat.com   `------------------------

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 15:30:46 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 15:30:26 -0400
Received: from NS.iNES.RO ([193.230.220.1]:57528 "EHLO smtp.ines.ro") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 15:30:20 -0400
Message-ID: <3B782868.95729E1E@interplus.ro>
Date: Mon, 13 Aug 2001 22:20:08 +0300
From: Mircea Ciocan
Organization: Home Office
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.7-ac2 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Ulrich Drepper
CC: Alan Cox , Linux Kernel List
Subject: Re: Is there something that can be done against this ???
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

OK, I realized is a hoax, I should look at the code first then cry the wolf is coming :), but anyhow this crap is VERY effective in demonstrating to a clueless IT manager that Linux is oh, sooo easy to break in.

So at least to learn something from this, is there a way to stop completely that crap ???

My apologies to get you disturbed.

Mircea "washing the egg on his face" C.

Ulrich Drepper wrote:
>
> Mircea Ciocan writes:
>
> > The attached piece of script kiddie shit is the first one that worked
> > flawlessly on my Mandrake box :((( ( kernel 2.4.7ac2, glibc-2.2.3 ),
> > instant root access !!!.
>
> This is a hoax. Try doing something with your "exploited" shell.
>
> --
> ---------------.                          ,-.   1325 Chesapeake Terrace
> Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
> Red Hat          `--' drepper at redhat.com   `------------------------

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 15:34:26 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 15:34:16 -0400
Received: from zeke.inet.com ([199.171.211.198]:35779 "EHLO zeke.inet.com") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 15:34:03 -0400
Message-ID: <3B782BAB.891D977A@inet.com>
Date: Mon, 13 Aug 2001 14:34:03 -0500
From: Eli Carter
Organization: Inet Technologies, Inc.
X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.19-6.2.7 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: ptb@it.uc3m.es
CC: Mircea Ciocan , linux kernel
Subject: Re: Is there something that can be done against this ???
In-Reply-To: <200108131924.VAA03520@xilofon.it.uc3m.es>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

"Peter T. Breuer" wrote:
>
> "A month of sundays ago Mircea Ciocan wrote:"
> > P.S. Please tell me that I'm just being paranoid and that crap didn't
> > work on your systems with a lookalike configuration.
>
> It doesn't work. It just looks like it does to the viewer!

The \x.. constructs in the echos require bash 2.

C-ya,

Eli
--------------------.     Real Users find the one combination of bizarre
Eli Carter           \ input values that shuts down the system for days.
eli.carter(a)inet.com `-------------------------------------------------

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 15:33:16 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 15:33:06 -0400
Received: from ppp30.ts3.Gloucester.visi.net ([206.246.230.158]:752 "EHLO blimpo.internal.net") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 15:32:54 -0400
Date: Mon, 13 Aug 2001 15:32:58 -0400
From: Ben Collins
To: Mircea Ciocan
Cc: Linux Kernel List
Subject: Re: Is there something that can be done against this ???
Message-ID: <20010813153258.X30381@visi.net>
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.15i
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro>; from mirceac@interplus.ro on Mon, Aug 13, 2001 at 09:56:37PM +0300
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Aug 13, 2001 at 09:56:37PM +0300, Mircea Ciocan wrote:
> The attached piece of script kiddie shit is the first one that worked
> flawlessly on my Mandrake box :((( ( kernel 2.4.7ac2, glibc-2.2.3 ),
> instant root access !!!.
> I was stunned, and it seem that is the beginning of a Linux Code Red
> lookalike worm :(((( using that exploit, probably this is not the most
> appropriate place to send this, but I'm not subscribed to the glibc
> mailing list and I just hope that some glibc hackers are on linux kernel
> list also and they see that and do something before we join the ranks of
> M$.

Wow, someone tried to pass off this as an exploit? Looks very much like Debian's fakeroot package, used to give a false root lookalike shell (helps when building things as normal user, when they need to think they are root).

Nice, but not an exploit. Just a cheap old trick.

--
 .----------=======-=-======-=========-----------=====------------=-=-----.
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 15:40:16 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 15:40:06 -0400
Received: from lightning.hereintown.net ([207.196.96.3]:65164 "EHLO lightning.hereintown.net") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 15:39:54 -0400
Date: Mon, 13 Aug 2001 15:53:59 -0400 (EDT)
From: Chris Meadors
To: Mircea Ciocan
cc: Linux Kernel List
Subject: Re: Is there something that can be done against this ???
In-Reply-To: <3B782868.95729E1E@interplus.ro>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 13 Aug 2001, Mircea Ciocan wrote:

> OK, I realized is a hoax, I should look at the code first then cry the
> wolf is coming :), but anyhow this crap is VERY effective in
> demonstrating to a clueless IT manager that Linux is oh, sooo easy to
> break in.

Break in?

> So at least to learn something from this, is there a way to stop
> completely that crap ???

What crap? You mean, saving an attachment you got in an e-mail, stripping out the ^Ms at the end of lines, so the script can run correctly, and then chmod +x that script, AND THEN run that script? Oh, that crap...

> My apologies to get you disturbed.

I wasn't.

> Mircea "washing the egg on his face" C.

I think you missed some.

-Chris
--
Two penguins were walking on an iceberg. The first penguin said to the second, "you look like you are wearing a tuxedo." The second penguin said, "I might be..." --David Lynch, Twin Peaks

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 15:41:36 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 15:41:26 -0400
Received: from vitelus.com ([64.81.36.147]:8 "EHLO vitelus.com") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 15:41:12 -0400
Date: Mon, 13 Aug 2001 12:41:07 -0700
From: Aaron Lehmann
To: Mircea Ciocan
Cc: Ulrich Drepper , Alan Cox , Linux Kernel List
Subject: Re: Is there something that can be done against this ???
Message-ID: <20010813124107.B3111@vitelus.com>
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro> <3B782868.95729E1E@interplus.ro>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3B782868.95729E1E@interplus.ro>
User-Agent: Mutt/1.3.20i
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Aug 13, 2001 at 10:20:08PM +0300, Mircea Ciocan wrote:
> So at least to learn something from this, is there a way to stop
> completely that crap ???

No.

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 15:51:36 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 15:51:26 -0400
Received: from mta3n.bluewin.ch ([195.186.1.212]:28237 "EHLO mta3n.bluewin.ch") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 15:51:18 -0400
Message-ID: <3B776EA500038438@mta3n.bluewin.ch> (added by postmaster@bluewin.ch)
From: "Per Jessen"
To: "Linux Kernel List" , "Mircea Ciocan"
Date: Mon, 13 Aug 2001 22:00:00 +0200
Reply-To: "Per Jessen"
X-Mailer: PMMail 98 Professional (2.01.1600) For Windows 95 (4.0.1212)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Is there something that can be done against this ???
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 13 Aug 2001 22:20:08 +0300, Mircea Ciocan wrote:

> OK, I realized is a hoax, I should look at the code first then cry the
>wolf is coming :), but anyhow this crap is VERY effective in
>demonstrating to a clueless IT manager that Linux is oh, sooo easy to
>break in.

This is an EXCELLENT comment - we need to be concerned not just about
fact, but also about perception. For those of you in admin jobs with
clueless IT managers watching over your shoulder, this is a real
challenge. Hopefully, since you have *already* adopted Linux, you'll be
able to prove that this particular script was no threat to Linux.

> So at least to learn something from this, is there a way to stop
>completely that crap ???
> My apologies to get you disturbed.

I think you did rightly so. No apologies needed.

regards,
Per Jessen

regards,
Per Jessen, Zurich
http://www.enidan.com - home of the J1 serial console.

Windows 2001: "I'm sorry Dave ... I'm afraid I can't do that."

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 15:49:56 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 15:49:46 -0400
Received: from mail-klh.telecentrum.de ([213.69.31.130]:61960 "EHLO mail-klh.telecentrum.de") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 15:49:37 -0400
Message-ID: <3B782F19.53010F57@topit.de>
Date: Mon, 13 Aug 2001 21:48:41 +0200
From: Ronald Jeninga
Reply-To: rj@topit.de
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.19 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Mircea Ciocan
CC: Linux Kernel List
Subject: Re: Is there something that can be done against this ???
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

I'll have to disappoint you, worked perfect over here
(Kernel 2.2.19, ld version 2.9.5 (with BFD 2.9.5.0.24), libc-2.1.3-141).

feeling uncomfortable,

Ronald

Mircea Ciocan wrote:
>
> The attached piece of script kiddie shit is the first one that worked
> flawlessly on my Mandrake box :((( ( kernel 2.4.7ac2, glibc-2.2.3 ),
> instant root access !!!.
> I was stunned, and it seems that is the beginning of a Linux Code Red
> lookalike worm :(((( using that exploit, probably this is not the most
> appropriate place to send this, but I'm not subscribed to the glibc
> mailing list and I just hope that some glibc hackers are on linux kernel
> list also and they see that and do something before we join the ranks of
> M$.
>
> Dead worried,
>
> Mircea C.
>
> P.S. Please tell me that I'm just being paranoid and that crap didn't
> work on your systems with a lookalike configuration.
>
> --------------------------------------------------------------------------------
> Name: smile.sh
> smile.sh Type: Bourne Shell Program (application/x-sh)
> Encoding: quoted-printable

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 16:02:38 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 16:02:27 -0400
Received: from chaos.analogic.com ([204.178.40.224]:21634 "EHLO chaos.analogic.com") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 16:02:14 -0400
Date: Mon, 13 Aug 2001 16:02:06 -0400 (EDT)
From: "Richard B. Johnson"
Reply-To: root@chaos.analogic.com
To: Mircea Ciocan
cc: Alan Cox, Linux Kernel List
Subject: Re: Is there something that can be done against this ???
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 13 Aug 2001, Mircea Ciocan wrote:

> The attached piece of script kiddie shit is the first one that worked
> flawlessly on my Mandrake box :((( ( kernel 2.4.7ac2, glibc-2.2.3 ),
> instant root access !!!.
> I was stunned, and it seems that is the beginning of a Linux Code Red
> lookalike worm :(((( using that exploit, probably this is not the most
> appropriate place to send this, but I'm not subscribed to the glibc
> mailing list and I just hope that some glibc hackers are on linux kernel
> list also and they see that and do something before we join the ranks of
> M$.
>
> Dead worried,
>
> Mircea C.
>

It's a neat trick. It just replaces some 'C' runtime library functions
with do-nothing functions that return success for the user. It could even
replace file I/O stuff so the user changes directory, but what `ls` shows,
never changes (or is blank).

A nice preload object library could be created that could make a good
April-fool joke.
You've got about 1/2 year to work on it! Install it in /lib, and
when you want to cause havoc, modify the target's ~/.bashrc file.

Cheers,
Dick Johnson

Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).

I was going to compile a list of innovations that could be
attributed to Microsoft. Once I realized that Ctrl-Alt-Del
was handled in the BIOS, I found that there aren't any.

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 16:09:18 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 16:09:08 -0400
Received: from athena.intergrafix.net ([206.245.154.69]:17370 "HELO athena.intergrafix.net") by vger.kernel.org with SMTP id ; Mon, 13 Aug 2001 16:08:53 -0400
Date: Mon, 13 Aug 2001 16:09:06 -0400 (EDT)
From: Admin Mailing Lists
To: Linux Kernel List
Subject: Re: Is there something that can be done against this ???
In-Reply-To: <3B782868.95729E1E@interplus.ro>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 13 Aug 2001, Mircea Ciocan wrote:

> OK, I realized is a hoax, I should look at the code first then cry the
> wolf is coming :), but anyhow this crap is VERY effective in
> demonstrating to a clueless IT manager that Linux is oh, sooo easy to
> break in.
> So at least to learn something from this, is there a way to stop
> completely that crap ???

yeah, murder your clueless IT manager..rinse..repeat..until they hire a
non-clueless one. just a suggestion.

-Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco                       Network Administrator/Engineer
thelittleprince@asteroid-b612.org       Intergrafix Internet Services

    "Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org            http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 18:01:39 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 18:01:29 -0400
Received: from perninha.conectiva.com.br ([200.250.58.156]:1285 "HELO perninha.conectiva.com.br") by vger.kernel.org with SMTP id ; Mon, 13 Aug 2001 18:01:19 -0400
Date: Mon, 13 Aug 2001 19:01:25 -0300 (BRST)
From: Rik van Riel
X-X-Sender:
To: Mircea Ciocan
Cc: Ulrich Drepper, Alan Cox, Linux Kernel List
Subject: Re: Is there something that can be done against this ???
In-Reply-To: <3B782868.95729E1E@interplus.ro>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 13 Aug 2001, Mircea Ciocan wrote:

> So at least to learn something from this, is there a way
> to stop completely that crap ???

Disable printf() ;)

Rik
--
IA64: a worthy successor to the i860.

http://www.surriel.com/
http://www.conectiva.com/
http://distro.conectiva.com/

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 13 Aug 2001 21:40:04 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 13 Aug 2001 21:39:09 -0400
Received: from itvu-63-210-168-13.intervu.net ([63.210.168.13]:16266 "EHLO pga.intervu.net") by vger.kernel.org with ESMTP id ; Mon, 13 Aug 2001 21:38:27 -0400
Message-ID: <3B7882CF.D8CE4A0@randomlogic.com>
Date: Mon, 13 Aug 2001 18:45:51 -0700
From: "Paul G. Allen"
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.2-2 i686)
X-Accept-Language: en
MIME-Version: 1.0
CC: Linux Kernel List
Subject: Re: S2464 (K7 Thunder) hangs -- some lessons learned
In-Reply-To:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: unlisted-recipients:; (no To-header on input)@localhost.localdomain
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Alan Cox wrote:
>
> > I don't know what version we have. Is there a way to query it through /proc?
>
> You need to look at the lspci hex data. There's an errata document for the
> MP chipset on www.amd.com if you really want to scare yourself 8)
>

I don't find the errata. Can you hold my hand and point me to it? :)

PGA

--
Paul G. Allen
UNIX Admin II/Programmer
Akamai Technologies, Inc.
www.akamai.com
Work: (858)909-3630
Cell: (858)395-5043

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 14 Aug 2001 04:02:27 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 14 Aug 2001 04:02:18 -0400
Received: from tangens.hometree.net ([212.34.181.34]:695 "EHLO mail.hometree.net") by vger.kernel.org with ESMTP id ; Tue, 14 Aug 2001 04:02:07 -0400
To: linux-kernel@vger.kernel.org
Path: forge.intermeta.de!not-for-mail
From: "Henning P. Schmiedehausen"
Newsgroups: hometree.linux.kernel
Subject: Re: Is there something that can be done against this ???
Date: Tue, 14 Aug 2001 08:02:20 +0000 (UTC)
Organization: INTERMETA - Gesellschaft fuer Mehrwertdienste mbH
Message-ID: <9laluc$b2e$1@forge.intermeta.de>
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro>
Reply-To: hps@intermeta.de
NNTP-Posting-Host: forge.intermeta.de
X-Trace: tangens.hometree.net 997776140 30696 212.34.181.4 (14 Aug 2001 08:02:20 GMT)
X-Complaints-To: news@intermeta.de
NNTP-Posting-Date: Tue, 14 Aug 2001 08:02:20 +0000 (UTC)
X-Copyright: (C) 1996-2001 Henning Schmiedehausen
X-No-Archive: yes
X-Newsreader: NN version 6.5.1 (NOV)
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Mircea Ciocan writes:

> The attached piece of script kiddie shit is the first one that worked

bash-2.04# less /etc/shadow
/etc/shadow: Permission denied

It _is_ shit. Nothing more. "Faked root". Yawn.

Regards
Henning

--
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen -- Geschaeftsfuehrer
INTERMETA - Gesellschaft fuer Mehrwertdienste mbH     hps@intermeta.de

Am Schwabachgrund 22   Fon.: 09131 / 50654-0    info@intermeta.de
D-91054 Buckenhof      Fax.: 09131 / 50654-20

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 14 Aug 2001 04:16:29 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 14 Aug 2001 04:16:19 -0400
Received: from home.paris.trader.com ([195.68.19.162]:26736 "EHLO smtp-gw.netclub.com") by vger.kernel.org with ESMTP id ; Tue, 14 Aug 2001 04:16:06 -0400
Message-ID: <3B78DE6D.E8DB6B7C@trader.com>
Date: Tue, 14 Aug 2001 10:16:45 +0200
From: joseph.bueno@trader.com
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.5-5mdk i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Mircea Ciocan
CC: Linux Kernel List
Subject: Re: Is there something that can be done against this ???
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Mircea Ciocan wrote:
>
> The attached piece of script kiddie shit is the first one that worked
> flawlessly on my Mandrake box :((( ( kernel 2.4.7ac2, glibc-2.2.3 ),
> instant root access !!!.
> I was stunned, and it seems that is the beginning of a Linux Code Red
> lookalike worm :(((( using that exploit, probably this is not the most
> appropriate place to send this, but I'm not subscribed to the glibc
> mailing list and I just hope that some glibc hackers are on linux kernel
> list also and they see that and do something before we join the ranks of
> M$.
>
> Dead worried,
>
> Mircea C.
>
> P.S. Please tell me that I'm just being paranoid and that crap didn't
> work on your systems with a lookalike configuration.
>
> --------------------------------------------------------------------------------
> Name: smile.sh
> smile.sh Type: Bourne Shell Program (application/x-sh)
> Encoding: quoted-printable

Hi,

The question is not : "is this script dangerous ?",
but "are you ready to blindly execute a shell script
(or any program) that you receive in your mail ?".

I don't care if this script is dangerous or not because I will never
execute it, or any program that I receive my email before checking its
contents and making sure it is OK.
(And my mail reader will not execute anything automatically, not even
Javascript).

If somebody is dumb enough to execute any program received by email,
don't lose time trying to find some weaknesses in the system; just
send him a shell script with "rm -rf /". It will do enough harm !

Best protection against mail virus is not technical (although it may
help), but user education; and this is true regardless of which operating
system or mail reader is used !

Regards
--
Joseph Bueno
NetClub/Trader.com

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 14 Aug 2001 04:13:39 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 14 Aug 2001 04:13:30 -0400
Received: from hermine.idb.hist.no ([158.38.50.15]:23562 "HELO hermine.idb.hist.no") by vger.kernel.org with SMTP id ; Tue, 14 Aug 2001 04:13:16 -0400
Message-ID: <3B78DD58.3DE697D2@idb.hist.no>
Date: Tue, 14 Aug 2001 10:12:08 +0200
From: Helge Hafting
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.8-pre8 i686)
X-Accept-Language: no, en
MIME-Version: 1.0
To: Mircea Ciocan , linux-kernel@vger.kernel.org
Subject: Re: Is there something that can be done against this ???
In-Reply-To: <3B7822E5.9AE35D4A@interplus.ro> <3B782868.95729E1E@interplus.ro>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Mircea Ciocan wrote:
>
> OK, I realized is a hoax, I should look at the code first then cry the
> wolf is coming :), but anyhow this crap is VERY effective in
> demonstrating to a clueless IT manager that Linux is oh, sooo easy to
> break in.

Good. I don't want a clueless IT manager administrating a linux box
anyway. Of course the same applies to NT. Try creating an unprivileged
account named "administrator" with full access to a faked control panel.
Or for something a little easier - a fake program named "format" or
"deltree" that writes the same on screen as the real thing. And makes
the disk click by seeking. :-)

Any os is sooo easy to simulate a break in.

> So at least to learn something from this, is there a way to stop
> completely that crap ???

Don't work for a manager that clueless - or tell him it's a hoax.

Helge Hafting

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 14 Aug 2001 06:01:06 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 14 Aug 2001 06:00:57 -0400
Received: from mail.webmaster.com ([216.152.64.131]:50054 "EHLO shell.webmaster.com") by vger.kernel.org with ESMTP id ; Tue, 14 Aug 2001 06:00:49 -0400
From: "David Schwartz"
To: , "Mircea Ciocan"
Cc: "Linux Kernel List"
Subject: RE: Is there something that can be done against this ???
Date: Tue, 14 Aug 2001 03:00:58 -0700
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2479.0006
Importance: Normal
In-Reply-To: <3B78DE6D.E8DB6B7C@trader.com>
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

> The question is not : "is this script dangerous ?",
> but "are you ready to blindly execute a shell script
> (or any program) that you receive in your mail ?".

Sure, as a user created solely for that purpose, it should be entirely
safe.

> I don't care if this script is dangerous or not because I will
> never execute it,
> or any program that I receive my email before checking its
> contents and making sure
> it is OK.
> (And my mail reader will not execute anything automatically, not
> even Javascript).

Why? Is it because you don't trust your system security? Your operating
system shouldn't let the script do anything you don't want it to do.

> If somebody is dumb enough to execute any program received by email,
> don't lose time trying to find some weaknesses in the system; just
> send him a shell script with "rm -rf /". It will do enough harm !

That should do no harm.
What you mean to say is "if somebody is dumb enough
to execute any program received by email under a user account that has
permissions to modify files he cares about, consume too many process slots,
consume excessive vm, or has other special capabilities".

> Best protection against mail virus is not technical (although it
> may help),
> but user education; and this is true regardless of which operating system
> or mail reader is used !

If a user can run code that can harm the system, then nobody who isn't
trusted not to harm the system can be a user. That's not how we want Linux
to be, is it?

DS

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 14 Aug 2001 08:43:49 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 14 Aug 2001 08:43:39 -0400
Received: from hermine.idb.hist.no ([158.38.50.15]:15 "HELO hermine.idb.hist.no") by vger.kernel.org with SMTP id ; Tue, 14 Aug 2001 08:43:24 -0400
Message-ID: <3B791CA8.29E97814@idb.hist.no>
Date: Tue, 14 Aug 2001 14:42:16 +0200
From: Helge Hafting
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.8-pre8 i686)
X-Accept-Language: no, en
MIME-Version: 1.0
To: David Schwartz , linux-kernel@vger.kernel.org
Subject: Re: Is there something that can be done against this ???
In-Reply-To:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

David Schwartz wrote:
>
> > The question is not : "is this script dangerous ?",
> > but "are you ready to blindly execute a shell script
> > (or any program) that you receive in your mail ?".
>
> Sure, as a user created solely for that purpose, it should be entirely
> safe.

It definitely ought to be safe. But don't run any script people mail
you in a test account - you'll be sorry when they exploit a bug in
your kernel or perhaps one of your trusted daemons...

Helge Hafting

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 14 Aug 2001 09:16:30 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 14 Aug 2001 09:16:20 -0400
Received: from home.paris.trader.com ([195.68.19.162]:46296 "EHLO smtp-gw.netclub.com") by vger.kernel.org with ESMTP id ; Tue, 14 Aug 2001 09:16:07 -0400
Message-ID: <3B7924C7.31923A8@trader.com>
Date: Tue, 14 Aug 2001 15:16:55 +0200
From: joseph.bueno@trader.com
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.5-5mdk i686)
X-Accept-Language: en
MIME-Version: 1.0
To: David Schwartz
CC: Linux Kernel List
Subject: Re: Is there something that can be done against this ???
In-Reply-To:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

David Schwartz wrote:
>
> > The question is not : "is this script dangerous ?",
> > but "are you ready to blindly execute a shell script
> > (or any program) that you receive in your mail ?".
>
> Sure, as a user created solely for that purpose, it should be entirely
> safe.
>

How many users are there that use a specific user account to read
their emails on their Linux workstation ?
I don't, I use my account to read mails, write documents,
develop programs, etc. So even if a malicious program does
not do any harm to the system, it can at least destroy or corrupt my
own files and I will lose time restoring from last backup and
rebuilding recently modified files.

> > I don't care if this script is dangerous or not because I will
> > never execute it,
> > or any program that I receive my email before checking its
> > contents and making sure
> > it is OK.
> > (And my mail reader will not execute anything automatically, not
> > even Javascript).
>
> Why? Is it because you don't trust your system security? Your operating
> system shouldn't let the script do anything you don't want it to do.

Yes I trust my system security. But even if the system is not affected,
since the script will run with my userid, it will be able to do
everything I am allowed to do.

>
> > If somebody is dumb enough to execute any program received by email,
> > don't lose time trying to find some weaknesses in the system; just
> > send him a shell script with "rm -rf /". It will do enough harm !
>
> That should do no harm. What you mean to say is "if somebody is dumb enough
> to execute any program received by email under a user account that has
> permissions to modify files he cares about, consume too many process slots,
> consume excessive vm, or has other special capabilities".

It was just a one line example. Even if it does not do any harm to system
files, it will harm my own files !
BTW, how many people are positively sure that they can run
"su nobody -c rm -rf /" on their system without losing anything ?

>
> > Best protection against mail virus is not technical (although it
> > may help),
> > but user education; and this is true regardless of which operating system
> > or mail reader is used !
>
> If a user can run code that can harm the system, then nobody who isn't
> trusted not to harm the system can be a user. That's not how we want Linux
> to be, is it?

Well, you are right; but even if a user does not harm the system, he will
harm himself and there is no way the system can protect him against it.
So we are back to my point: user protection comes from user education.
>
> DS
>

Regards
--
Joseph Bueno
NetClub/Trader.com

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 14 Aug 2001 14:24:33 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 14 Aug 2001 14:24:24 -0400
Received: from mail.webmaster.com ([216.152.64.131]:64915 "EHLO shell.webmaster.com") by vger.kernel.org with ESMTP id ; Tue, 14 Aug 2001 14:24:19 -0400
From: "David Schwartz"
To: "Helge Hafting" ,
Subject: RE: Is there something that can be done against this ???
Date: Tue, 14 Aug 2001 10:10:24 -0700
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <3B791CA8.29E97814@idb.hist.no>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2479.0006
Importance: Normal
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

> David Schwartz wrote:

> > > The question is not : "is this script dangerous ?",
> > > but "are you ready to blindly execute a shell script
> > > (or any program) that you receive in your mail ?".

> > Sure, as a user created solely for that purpose, it
> > should be entirely
> > safe.

> It definitely ought to be safe. But don't run any script people mail
> you in a test account - you'll be sorry when they exploit a bug in
> your kernel or perhaps one of your trusted daemons...

Well that's my point. If you don't feel comfortable doing this, it's
because you suspect that something is wrong with your system's security.
Of course, we don't go testing how scratch-resistant our glasses are by
attempting to scratch them. In principle, however, it should be safe from
an OS standpoint assuming your system has been configured to be secure.

DS

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 14 Aug 2001 14:40:23 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 14 Aug 2001 14:40:07 -0400
Received: from 64-42-29-14.atgi.net ([64.42.29.14]:5905 "HELO mail.clouddancer.com") by vger.kernel.org with SMTP id ; Tue, 14 Aug 2001 14:39:39 -0400
To: linux-kernel@vger.kernel.org
Subject: Re: Is there something that can be done against this ???
In-Reply-To: <9lb8vp$10q$1@ns1.clouddancer.com>
In-Reply-To: <3B7924C7.31923A8@trader.com> <9lb8vp$10q$1@ns1.clouddancer.com>
Reply-To: klink@clouddancer.com
Message-Id: <20010814163452.3046E783F5@mail.clouddancer.com>
Date: Tue, 14 Aug 2001 09:34:52 -0700 (PDT)
From: klink@clouddancer.com (Colonel)
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

In clouddancer.list.kernel, you wrote:
>
>David Schwartz wrote:
>>
>> > The question is not : "is this script dangerous ?",
>> > but "are you ready to blindly execute a shell script
>> > (or any program) that you receive in your mail ?".
>>
>> Sure, as a user created solely for that purpose, it should be entirely
>> safe.
>>
>
>How many users are there that use a specific user account to read
>their emails on their Linux workstation ?
>I don't, I use my account to read mails, write documents,
>develop programs, etc. So even if a malicious program does
>not do any harm to the system, it can at least destroy or corrupt my
>own files and I will lose time restoring from last backup and
>rebuilding recently modified files.

Anybody that can think probably does that. First they think that
setting up a test user takes a few seconds, then they think that
restoring from backup takes at least 100x longer....

--
Windows 2001: "I'm sorry Dave ... I'm afraid I can't do that."

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 14 Aug 2001 18:01:24 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 14 Aug 2001 18:01:13 -0400
Received: from snark.tuxedo.org ([207.106.50.26]:5636 "EHLO snark.thyrsus.com") by vger.kernel.org with ESMTP id ; Tue, 14 Aug 2001 18:01:01 -0400
Date: Tue, 14 Aug 2001 17:27:33 -0400
From: "Eric S. Raymond"
To: Alan Cox
Cc: Linux Kernel List
Subject: Re: S2464 (K7 Thunder) hangs -- some lessons learned
Message-ID: <20010814172733.B4772@thyrsus.com>
Reply-To: esr@thyrsus.com
Mail-Followup-To: "Eric S. Raymond" , Alan Cox , Linux Kernel List
In-Reply-To: <20010813115214.A23591@thyrsus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from alan@lxorguk.ukuu.org.uk on Mon, Aug 13, 2001 at 05:00:54PM +0100
Organization: Eric Conspiracy Secret Labs
X-Eric-Conspiracy: There is no conspiracy
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Alan Cox:
> http://www.amd.com/products/cpg/athlon/techdocs/index.html#chipset
>
> It's the AMD760tm MP - really

Got it. I read the docs.

So what are the implications of running in no-IOAPIC mode? Performance loss?
--
Eric S. Raymond

A nation or civilization that continues to produce soft-minded men
purchases its own spiritual death on an installment plan.
	--Martin Luther King, Jr.

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 14 Aug 2001 18:11:33 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 14 Aug 2001 18:11:24 -0400
Received: from router-100M.swansea.linux.org.uk ([194.168.151.17]:2310 "EHLO the-village.bc.nu") by vger.kernel.org with ESMTP id ; Tue, 14 Aug 2001 18:11:20 -0400
Subject: Re: S2464 (K7 Thunder) hangs -- some lessons learned
To: esr@thyrsus.com
Date: Tue, 14 Aug 2001 23:13:53 +0100 (BST)
Cc: alan@lxorguk.ukuu.org.uk (Alan Cox), linux-kernel@vger.kernel.org (Linux Kernel List)
In-Reply-To: <20010814172733.B4772@thyrsus.com> from "Eric S. Raymond" at Aug 14, 2001 05:27:33 PM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:
From: Alan Cox
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

> So what are the implications of running in no-IOAPIC mode? Performance loss?

Slight performance hit. For the moment I'm interested to know if it helps,
as a guess

Alan

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Wed, 15 Aug 2001 05:10:08 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Wed, 15 Aug 2001 05:09:58 -0400
Received: from hermine.idb.hist.no ([158.38.50.15]:10256 "HELO hermine.idb.hist.no") by vger.kernel.org with SMTP id ; Wed, 15 Aug 2001 05:09:48 -0400
Message-ID: <3B7A3C03.3FD293CD@idb.hist.no>
Date: Wed, 15 Aug 2001 11:08:19 +0200
From: Helge Hafting
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.8-pre8 i686)
X-Accept-Language: no, en
MIME-Version: 1.0
To: joseph.bueno@trader.com
CC: linux-kernel@vger.kernel.org
Subject: Re: Is there something that can be done against this ???
In-Reply-To: <3B7924C7.31923A8@trader.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

joseph.bueno@trader.com wrote:
[...]
> How many users are there that use a specific user account to read
> their emails on their Linux workstation ?
> I don't, I use my account to read mails, write documents,
> develop programs, etc. So even if a malicious program does
> not do any harm to the system, it can at least destroy or corrupt my
> own files and I will lose time restoring from last backup and
> rebuilding recently modified files.
>

So you aren't reading mail as root - which is what any windows user does.
I believe few people read mail from a "mail-only" account, but
reading the mail is seldom dangerous. If someone mails you
an unknown program though - definitely run that from a test account
if you try it at all.

Helge Hafting

From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Wed, 15 Aug 2001 15:00:54 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Wed, 15 Aug 2001 15:00:44 -0400
Received: from [205.201.12.35] ([205.201.12.35]:49786 "EHLO odin.buserror.net") by vger.kernel.org with ESMTP id ; Wed, 15 Aug 2001 15:00:39 -0400
Date: Tue, 14 Aug 2001 13:47:21 -0400
To: David Schwartz
Cc: Linux Kernel List
Subject: Re: Is there something that can be done against this ???
Message-ID: <20010814134721.A28589@odin>
In-Reply-To: <3B78DE6D.E8DB6B7C@trader.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from davids@webmaster.com on Tue, Aug 14, 2001 at 03:00:58AM -0700
From: Scott Wood
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Aug 14, 2001 at 03:00:58AM -0700, David Schwartz wrote:
> Why? Is it because you don't trust your system security? Your operating
> system shouldn't let the script do anything you don't want it to do.

Anything? How will it be prevented from being used to attack other
machines (other than attacks that require root on the attacking
machine), or to relay spam, or to act as a warez/mp3/whatever server
(sure, quotas could be used, but are they? And even if they are, does
it have enough space for a few small titles)?

And if that account is also used for mail reading, it could send your
mailbox to the attacker, delete or alter your mail, etc. It'd also
have access to a bunch of e-mail addresses that it could forward
itself to.

> That should do no harm. What you mean to say is "if somebody is dumb enough
> to execute any program received by email under a user account that has
> permissions to modify files he cares about, consume too many process slots,
> consume excessive vm, or has other special capabilities".

And by default, even the nobody user can use virtually all the memory
or processes it wants. Even with only a few process slots, it could
steal a decent amount of CPU cycles (hmm... a distributed.net worm?
:-).

> If a user can run code that can harm the system, then nobody who isn't
> trusted not to harm the system can be a user. That's not how we want Linux
> to be, is it?

If you define "harm the system" as perform any unauthorized
externally-visible (relative to the sandbox) action, then Linux is a
*long* way from achieving that.

-Scott
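
Added example, not part of the thread and not any poster's code: a small check for telling a faked root shell from a real one, in the situation the replies above describe (C library functions replaced through a preloaded object, fakeroot style). It compares the UID the C library reports with what the kernel reports; it assumes Linux with /proc, and all function names are this example's own.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/syscall.h>

/* Effective UID as the C library reports it. A preloaded object that
 * replaces geteuid() controls this value. */
long libc_euid(void)
{
    return (long)geteuid();
}

/* Effective UID asked of the kernel through a raw system call, which
 * does not go through the geteuid() wrapper. */
long kernel_euid(void)
{
#ifdef SYS_geteuid32
    return syscall(SYS_geteuid32);  /* 32-bit ABIs: full-width UID call */
#else
    return syscall(SYS_geteuid);
#endif
}

/* Extract the effective UID (second field of the "Uid:" line) from the
 * text of /proc/<pid>/status. Returns 0 on success, -1 if not found. */
int parse_status_euid(const char *text, long *euid)
{
    const char *line = text;

    while (line && *line) {
        if (strncmp(line, "Uid:", 4) == 0) {
            long real_uid, eff_uid;
            if (sscanf(line + 4, "%ld %ld", &real_uid, &eff_uid) != 2)
                return -1;
            *euid = eff_uid;
            return 0;
        }
        line = strchr(line, '\n');
        if (line)
            line++;                 /* step to the start of the next line */
    }
    return -1;
}

/* Nonzero when the dynamic linker has been told to preload something,
 * per process (LD_PRELOAD) or system-wide (/etc/ld.so.preload). */
int preload_requested(void)
{
    const char *env = getenv("LD_PRELOAD");
    struct stat st;

    if (env && *env)
        return 1;
    return stat("/etc/ld.so.preload", &st) == 0 && st.st_size > 0;
}

/* 1 when the library's answer disagrees with the kernel's.
 * proc_uid < 0 means /proc was not available and is ignored. */
int euid_is_faked(long libc_uid, long kern_uid, long proc_uid)
{
    if (libc_uid != kern_uid)
        return 1;
    if (proc_uid >= 0 && libc_uid != proc_uid)
        return 1;
    return 0;
}

int main(void)
{
    char buf[4096];
    long proc_uid = -1;
    FILE *f = fopen("/proc/self/status", "r");

    if (f) {
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        buf[n] = '\0';
        fclose(f);
        if (parse_status_euid(buf, &proc_uid) != 0)
            proc_uid = -1;
    }

    int faked = euid_is_faked(libc_euid(), kernel_euid(), proc_uid);
    printf("libc geteuid():    %ld\n", libc_euid());
    printf("raw syscall:       %ld\n", kernel_euid());
    printf("/proc/self/status: %ld\n", proc_uid);
    printf("preload requested: %s\n", preload_requested() ? "yes" : "no");
    printf("verdict:           %s\n",
           faked ? "UID reported by libc is FAKED" : "consistent");
    return faked;
}
```

A preloaded object could also replace syscall() or fopen(), so a consistent result here is not proof; the test Henning ran above (reading /etc/shadow) is enforced by the kernel and does not depend on any library's answer.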