The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Wed, 18 Jul 2001 20:30:26 +0100 (BST)
From: Richard Kettlewell <[email protected]>
To: "[email protected]" <[email protected]>
Subject: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)

Ishikawa <[email protected]> writes:

> One may be tempted to block all the files below /dev inside
> the browser/servers.

If I ask my currently running web browser to open
file:/proc/self/fd/3, it gets /dev/zero, and starts burning CPU and
disc (until it runs out).

There's some pipes in there too, which presumably have internal
significance to the executing program; if I'd started it from a
terminal there'd be some FDs onto that.  I'm sure there are all sorts
of possibilities for disruption.

Special files outside /dev constitute as much of a risk as the
contents of /dev.

> Could this be a cure for this problem under linux/UNIX?
> (Yes, I know we can have devices under different places.
> But I am not sure if the devices under non-stanard  places
> can be used for DoS attacks in the browser context
> I mentioned above.)

A better answer might be to stat the file, and reject it if it not a
regular file.  Another approach would be to forbid inlining "file:"
URLs from external pages, as described at
http://bugzilla.mozilla.org/show_bug.cgi?id=91316

ttfn/rjk

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру