httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Robert S. Thau)
Subject Re: my scoreboard file is world writeable
Date Wed, 02 Aug 1995 15:40:56 GMT
Hmmm... the only way I can think of to provoke a full-scale fork bomb
is to keep zeroing out the file, which will cause the root process to
think that there aren't enough free servers running and fork off more...
NB that you have to write on the *same* scoreboard file which the root
server opened, since it is not continually reopening it.  So, if the
attacker has write permission on the scoreboard, this is a problem; if
not, not --- and if the scoreboard isn't publically writable, then an
attacker who could write it could probably run the fork bomb themselves
anyway.  (Come to think of it, that covers a lot of these scenarios).


View raw message