package: libpam-modules
severity: critical
tags: security

Hi,
as there are no process limits set, it's trivial for any user to use all
resources:
Just run this in bash: :() { :I:& };:
(I obfuscated the exploit slightly. Mail me if you need to know how.)
And voila, the system is gone. (=there are resources left to be used.)
I'm actually a bit lost how the default process limit is set, whether it's
31500 or 16025 user processes, or unlimited. In any case, I succeeded in
blowing up a squeeze system as nobody when the process limit was 16025. And I
also succeeded on sid, and saw someone else kill his lenny vm.
I'm not sure if my reaction ("critical bug" as it breaks the ability to hand
out access to untrusted users basically) is too much, since maybe this works
as designed ("rather enable people to use the system by default, if you want
it more restricted do so...") but I could also not find anything in NEWS or
README.Debian...
cheers,
Holger
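
To check the condition the report describes (nothing capping a user's process count), the following added example, which is not part of the original report or of pam_limits itself, evaluates the nproc entries of a limits.conf-style file for a given user. The sample file contents and the user and group names are constructed, and the matching order (user entry over @group over `*`, later line winning at equal precedence) is a simplified model of pam_limits.

```python
# Added example: audit limits.conf-style text for nproc coverage.
# Simplified model of pam_limits matching (assumption): user > @group > "*".

SAMPLE_CONF = """\
# constructed sample, not taken from any real system
*          soft  nproc   1024
*          hard  nproc   2048
@students  -     nproc   200
build      -     nproc   unlimited
*          hard  nofile  4096
"""

PRECEDENCE = {"user": 0, "group": 1, "all": 2}
NO_LIMIT = ("unlimited", "infinity", "-1")

def match(domain, user, groups):
    """Return the precedence class if the entry applies to the user, else None."""
    if domain == user:
        return "user"
    if user == "root":  # group and wildcard entries are not applied to root
        return None
    if domain.startswith("@") and domain[1:] in groups:
        return "group"
    return "all" if domain == "*" else None

def effective_nproc(conf_text, user, groups=()):
    """Return {'soft': v, 'hard': v}; v is an int, 'unlimited', or None (unset)."""
    best = {"soft": (None, 99), "hard": (None, 99)}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4 or fields[2] != "nproc":
            continue
        domain, ltype, _, value = fields
        kind = match(domain, user, groups)
        if kind is None:
            continue
        value = "unlimited" if value in NO_LIMIT else int(value)
        # "-" sets both soft and hard; a more specific entry overrides a wildcard
        for t in (("soft", "hard") if ltype == "-" else (ltype,)):
            if t in best and PRECEDENCE[kind] <= best[t][1]:
                best[t] = (value, PRECEDENCE[kind])
    return {t: v for t, (v, _) in best.items()}

def unbounded(conf_text, user, groups=()):
    """True when no entry in the file caps the user's process count."""
    return effective_nproc(conf_text, user, groups)["hard"] in (None, "unlimited")
```

A `True` from `unbounded()` means the user's process count is left to whatever default the session inherits, which is the situation the report was filed about.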

