OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Fwd: Any user can panic OpenBSD machine

Re: Fwd: Any user can panic OpenBSD machine

Michael Jennings (mejtcserv.com)
Tue, 28 Jul 1998 14:55:36 -0400 

On Tuesday, 28 July 1998, at 12:21:55 (-0600),
Theo de Raadt <deraadtcvs.openbsd.org> wrote:

> But those are
>
>       REMOTE ATTACKS.

True, but the point remains.  Despite the fact that *BSD and Linux
are more often used on single-user workstations than large servers,
both OS's are gaining acceptance in the latter arena.  As such, it
is wise to be aware of methods for local users to Do Bad Things (tm).

If a single user on a 500-user system can crash the machine by
running a simple program, even without getting root, the sysadmin is
likely to have 499 royally-annoyed users wanting answers, and he'd
best have some to give if he likes his job.

> Surely you can tell the difference between a remote attack and a local
> attack.

Of course.  But local exploits are still exploits, except in the case
of single-user-login systems, which I believe the free *NIXes moving
away from.

> Ob-BUGTRAQ-Posting:
>
> If you are logged into an NT box, you can type CTRL-ALT-DEL and take
> the system down.

Ok, so NT is a bad example.  :-)  Such a post WRT Linux would be
equally stupid.  However, we're talking about stuff *local users* can
do, not just someone who has access to the console.

Michael

--
 "I've been looking for a Savior in these dirty streets,
  Looking for a Savior beneath these dirty sheets."
                                               -- Tori Amos, "Crucify"
=======================================================================
Michael Jennings        http://www.tcserv.com/         <mejtcserv.com>
Senior Systems Engineer, Synectics, Inc.      http://www.synectics.com/