User: Password:
Subscribe / Log in / New account

Known-exploit detection for the kernel

Known-exploit detection for the kernel

Posted Jan 6, 2014 13:22 UTC (Mon) by nix (subscriber, #2304)
In reply to: Known-exploit detection for the kernel by speedster1
Parent article: Known-exploit detection for the kernel

Locking an account *is* a DoS for the account's legitimate owner.

(Log in to post comments)

Known-exploit detection for the kernel

Posted Jan 7, 2014 2:59 UTC (Tue) by speedster1 (subscriber, #8143) [Link]

That makes no sense to me, perhaps you can explain more... are these DoS victims naive users who are running random things that script kiddies left for them? Or a daemon which has been tricked into running evil code? Either way, if a script kiddie gets to run stuff from an account, that account has been compromised and deserves to be locked out until it can be cleaned up. Maybe instead you are thinking of a way to lock out a non-compromised account with this feature?

Known-exploit detection for the kernel

Posted Jan 8, 2014 16:38 UTC (Wed) by nix (subscriber, #2304) [Link]

Imagine that someone has found a way to exploit, say, procmail, or some other daemon run on the user's behalf that accepts code from the network and is ultimately invoked from the network.

The right thing to do in that situation is probably to halt mail delivery and just queue everything -- but your proposal would lock the entire account. An attacker that can determine what accounts exist (perhaps via said exploit) could then DoS-attack the entire system trivially.

(But, of course, if they can execute arbitrary code as one user they can probably do that anyway, in about a million ways, and probably get root too. So perhaps my concerns are unjustified. It might well elevate a failed breakin, via an exploit that doesn't actually work, to a partial DoS, but I'm finding it hard to be too worried about that.)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds