possible pty DoS

2000-12-20 Thread berndj 

hello all

I am not subscribed to linux-kernel*; please CC any follow-ups to
[EMAIL PROTECTED] (I probably won't reply from 2000-12-22 to 2001-01-07)

I am running 2.4.0-test12-pre2

This snippet can prevent progress of any other processes that tries to do
a write to a pty:


#include 
#include 

int main()
{
int ptm;
ptm = open("/dev/ptmx", O_WRONLY);
while (1)
write(ptm, "hello, world!\n", 14);
}


With this running, and no process eating up the greetings, I can telnet to
my machine; the banner and login prompt appear.  ps -alx at this point
reveals in.telnetd is in do_select().  As soon as I type even one char of
username, another ps reveals in.telnetd now stuck in __down_interruptible()

Lucky I usually leave a few logged in consoles lying around; xterm also
uses pty's!

Some observations:

2.2.12 behaves fine (telnet logins work fine)

2.2.12-2.4.0 diffs between tty_io.c show changes involving up/down/etc. in
do_tty_write().


Bernd Jendrissek
P.S. apologies to all for my void * arithmetic a few months ago; it was a
moment of eager-beaver weakness.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/

possible pty DoS

2000-12-20 Thread berndj 

hello all

I am not subscribed to linux-kernel*; please CC any follow-ups to
[EMAIL PROTECTED] (I probably won't reply from 2000-12-22 to 2001-01-07)

I am running 2.4.0-test12-pre2

This snippet can prevent progress of any other processes that tries to do
a write to a pty:


#include sys/fcntl.h
#include unistd.h

int main()
{
int ptm;
ptm = open("/dev/ptmx", O_WRONLY);
while (1)
write(ptm, "hello, world!\n", 14);
}


With this running, and no process eating up the greetings, I can telnet to
my machine; the banner and login prompt appear.  ps -alx at this point
reveals in.telnetd is in do_select().  As soon as I type even one char of
username, another ps reveals in.telnetd now stuck in __down_interruptible()

Lucky I usually leave a few logged in consoles lying around; xterm also
uses pty's!

Some observations:

2.2.12 behaves fine (telnet logins work fine)

2.2.12-2.4.0 diffs between tty_io.c show changes involving up/down/etc. in
do_tty_write().


Bernd Jendrissek
P.S. apologies to all for my void * arithmetic a few months ago; it was a
moment of eager-beaver weakness.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/