Slashdot Mirror


Some Linux Distros Found Vulnerable By Default

TuringTest writes "Security Focus carries an article about a security compromise found on several major distros due to bad default settings in the Linux kernel. 'It's a sad day when an ancient fork bomb attack can still take down most of the latest Linux distributions', says the writer. The attack was performed by spawning lots of processes from a normal user shell. Is interesting to note that Debian was not among the distros that fell to the attack. The writer also praises the OpenBSD policy of Secure by Default."

21 of 541 comments

  1. Fork vulnerability by madaxe42 · · Score: 5, Funny

    Kittens are vulnerable to forks by default as well - you can easily get at the kernel if you just - oh, hang on, a different kind of fork, you say?

  2. Thank god I use Windows by Anonymous Coward · · Score: 5, Funny

    Thank god I use Windows, I'm safe!

    1. Re:Thank god I use Windows by rokzy · · Score: 5, Funny

      only if you're running XP Starter Edition!

    2. Re:Thank god I use Windows by LiquidCoooled · · Score: 5, Funny

      No, with XP starter, you are restricted to running only 3 trojans at once.

      --
      liqbase :: faster than paper
    3. Re:Thank god I use Windows by anakin357 · · Score: 5, Funny
      No, with XP starter, you are restricted to running only 3 trojans at once.

      Possible obvious responses:

      Only 3 trojans? I'm a self-replicating-trojan author you insensitive clod.

      So I can only run three instances of Internet Explorer at once?

      Customer: Whenever I try to start a second program, it gives me an error...
      Techie: Yeah, you can't run Gator, Precision Time, Weatherbug AND something else... you've gotta turn something off.
      Customer: (incredulous)WHAT!!?? I NEED TO KNOW WHAT TIME IT IS, SAVE MY PASSWORDS, AND KNOW WHAT THE WEATHER IS LIKE OUTSIDE.
      Techie: (mutes customer): "Fucking Chuck Norris, all those goddamn ninjas had to go after the pirates."

      --
      http://www.fsckin.com/
  3. Re:How long? by biendamon · · Score: 2, Funny

    Let's see how long it will take before someone says the study is invalid...

    The study is invalid!!!

  4. New Plug Vulnerability found! by Anonymous Coward · · Score: 5, Funny

    Unprivileged user can take down entire system by unplugging machine from power socket.

  5. And in other news... by flumps · · Score: 2, Funny

    ... some birds fly south for the winter, my belly sometimes makes gurgling noises and jam tastes nice on toast.

    So what? Publish the vulnerabilities, patch them, move on. Sheesh..

    --
    "So there he is, risen from the dead. Like that fella, E. T." - Father Ted Crilly
  6. Re:Debian not vulnerable? by initsix · · Score: 3, Funny

    Sweet!
    mark@stewie:~$ w
    11:11:04 up 216 days, 19:50, 2 users, load average: 258.41, 767.84, 339.94

  7. Re:Sheesh, it's a fork bomb by tlhIngan · · Score: 2, Funny

    int main() {
        while (1)
            fork();

        return 0;
    }


    On a modern Unix/Unix-like system, you often have Perl. Save yourself the effort of compiling:

    perl -e 'while(1){fork()}'

    One thing I always liked to do was run this for about 1 minute, hit Ctrl-C, and see how long it takes until the kernel finally manages to reap all the child processes and the system returns to normal. It usually takes anywhere from 30 seconds to a couple of minutes before the system becomes responsive again.

    (It *is* a great way to get impressive load averages of 500+ though!).

  8. Re:Reminds me of DoS: Pingfork! by caluml · · Score: 5, Funny
    I seriously thought of posting this to a few script kiddie sites

    ...and now you have :)

  9. Re:Sheesh, it's a fork bomb by halivar · · Score: 2, Funny

    And if you are administrating a true multi-user old-style-Unix type server, you should know enough to stop people fork bombing you (i.e. quotas).

    Or you can switch back to MS-DOS. Just one process; ultimate security!
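
    The fork bomb in comment 7 only exhausts the process table when nothing caps the user's process count, and comment 9 names the fix (quotas). As an added example, not code from this thread or from the Security Focus article: a small Python audit of the /etc/security/limits.conf format that reports whether a given user ends up with a hard nproc limit; the two sample files and the user and group names are constructed.

```python
# Added example (not from the Slashdot thread or the article): audit the
# /etc/security/limits.conf format for a hard `nproc` cap, the pam_limits
# control that makes fork() fail with EAGAIN instead of filling the process
# table.  Precedence follows the documented pam_limits order (explicit user
# > @group > "*"), a later line of equal specificity overriding an earlier
# one; uid ranges and %group domains are deliberately not modelled.

# Constructed samples: a bare default with no process cap, and a hardened one.
WEAK_LIMITS = """\
*   soft  core   0
"""
HARDENED_LIMITS = """\
*        soft  core   0
*        hard  nproc  1024       # default cap for every login
@wheel   hard  nproc  4096       # admins get more headroom
batch    -     nproc  200        # '-' sets soft and hard together
root     hard  nproc  unlimited
"""

def parse_limits(text):
    """Return (domain, type, item, value) rows, skipping blanks and comments."""
    rows = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) == 4:          # pam_limits ignores malformed lines
            rows.append(tuple(fields))
    return rows

def hard_nproc(text, user, groups=()):
    """Effective hard nproc value ("1024", "unlimited") for user, else None."""
    best_rank, best_value = -1, None
    for domain, ltype, item, value in parse_limits(text):
        if item != "nproc" or ltype not in ("hard", "-"):
            continue
        if domain == user:
            rank = 2
        elif domain.startswith("@") and domain[1:] in groups:
            rank = 1
        elif domain == "*":
            rank = 0
        else:
            continue
        if rank >= best_rank:         # more specific wins; ties -> later line
            best_rank, best_value = rank, value
    return best_value

def audit(text, user, groups=()):
    """Verdict: 'uncapped' (no entry at all), 'unlimited' (explicit), 'capped'."""
    value = hard_nproc(text, user, groups)
    if value is None:
        return "uncapped"
    return "unlimited" if value == "unlimited" else "capped"
```

An "uncapped" verdict is the default the article complains about: any login shell can then fork until the kernel's global limits are hit.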

  10. Re:Sheesh, it's a fork bomb by Anonymous Coward · · Score: 1, Funny

    Come on, I love Linux, but the hypocrisy is a bit much ;-) It's OK to admit it was bad or to admit MS's settings were OK, but you cannot do both.

    This is just another example of how Microsoft continuously neglects the security issues of its... oh, it's on Linux?!?... errr

    Linux is an innovator in making itself user friendly by implementing a feature like this...

  11. Re:How long? by Kong+the+Medium · · Score: 2, Funny

    And the answer is:

    5 minutes.

    --
    ... whenever a text is transmitted, variation occurs. This is because human beings are careless, fallible, and occasiona
  12. Speaking of insecure.... by JohnTheFisherman · · Score: 4, Funny

    Many Linux users found to be insecure whenever the faults in their OS are pointed out. ;)

  13. ahh... by Anonymous Coward · · Score: 2, Funny

    open source development

  14. Re:Kittens by Anonymous Coward · · Score: 1, Funny

    I've heard that kittens are even more vulnerable to people who indulge in self-gratification.

  15. Re:Forget security, what about innocent mistakes? by ssj_195 · · Score: 2, Funny
    Nevertheless, that doesn't stop a misbehaving program from accidentally fork-bombing the system
    I fork-bombed myself by using the Folding At Home gkrellm plug-in, once. It has an option to restart the F@H client whenever it stops, which I selected. Unfortunately, the code for detecting whether or not a F@H process was already running appeared to be faulty, and 1 minute later I had to reach for the reset switch.

    It's a shame I don't have a couple of hundred processors in my desktop PC, else I would have folded the fuck out of some proteins :)

  16. Re:"Secure By Default"? by halber_mensch · · Score: 2, Funny

    Clearly, OpenBSD should re-evaluate its install process. The fact that OpenBSD installs so many exploitable executables like "ftpd", "telnet", "ping", "sed", "awk", "more", "grep", "ls", "mv", "sh", "getty" and "init" only details just how insecure the operating system really is by default. This kind of oversight should simply not be allowed. Yes, some old folks in the community may argue that some of these binaries that are piggy-backed on the operating system are "essential tools" for "interacting with the system", but those poor souls would be overlooking the seriously dangerous nature that allowing executable binaries to install on a live system presents.

    --
    perl -e "eval pack(q{H*},join q{},qw{70 72696e74207061636b28717b482a7d2c717b343 637323635363534323533343430617d293b})"
  17. vulnerable because of ssh, not like cmd by planckscale · · Score: 2, Funny
    Yeah, because you can ssh like into almost any Linux box. Not so in Windows. That's why I use Windows. In Windows, you open up a command prompt, and then if you type in the command:

    c:\>cmd 192.168.0.101

    it brings you right back to the command prompt:

    Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.

    That's security right there. You can't even get a command prompt from another box within command.

    --
    Namaste
  18. OMG, rm -rf / still works as root too!! by fatboy · · Score: 2, Funny

    OMG, rm -rf / still works as root too!!

    Why is Linux still vulnerable by default?

    --
    --fatboy