I wrote:

> ... we can cause one left-over entry with [xterm] ... except xterm
> reuses ptys and re-writes utmp entries ...

We can arrange to hog the pty but release the PID with

  run xterm, and within that xterm use
  bash -c 'trap "" 11; sleep 600 &'; kill -11 $PPID

Then waste a few PIDs with something like
  perl -e 'foreach (1..32000) { system "/bin/false" }'
so the "next PID" will be what we want; then do the xterm again and
repeat until we have a contiguous block of PIDs in the utmp file.
Spin the "next PID" to be within that range, and we have a DoS
against the next few login attempts.

I do not know what practical uses this could have: lock out root so
cannot observe our activities?

Cheers,

Paul Szabo   [email protected]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia
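
For the defender's side of the message above, an added example (not part of the original post) that parses utmp records and reports USER_PROCESS entries whose PID no longer exists, grouping them into contiguous PID blocks like the one described. The 384-byte Linux/glibc record layout, the /proc liveness check, the function names and the sample records are all assumptions made for this example.

```python
import os
import struct

# Linux/glibc utmp record, 384 bytes (assumed layout; check <utmp.h> on the host).
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
USER_PROCESS = 7  # ut_type of an active login session

def pid_alive(pid):
    """True if some process currently holds this PID (Linux /proc check)."""
    return pid > 0 and os.path.isdir(f"/proc/{pid}")

def stale_entries(data, alive=pid_alive):
    """Return (pid, line, user) for USER_PROCESS records whose PID is gone."""
    found = []
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        rec = UTMP.unpack_from(data, off)
        if rec[0] == USER_PROCESS and not alive(rec[1]):
            line, user = (f.rstrip(b"\0").decode() for f in (rec[2], rec[4]))
            found.append((rec[1], line, user))
    return found

def contiguous_runs(pids, min_len=3):
    """Collapse PIDs into (first, last) runs of at least min_len consecutive values."""
    runs, cur = [], []
    for p in sorted(set(pids)) + [None]:  # None flushes the final run
        if cur and p != cur[-1] + 1:
            if len(cur) >= min_len:
                runs.append((cur[0], cur[-1]))
            cur = []
        cur.append(p)
    return runs

def record(ut_type, pid, line, user):
    """Pack one constructed utmp record (unused fields zeroed)."""
    return UTMP.pack(ut_type, pid, line, b"", user, b"", *[0] * 9, b"")

# Constructed sample: one live session, three left-over entries, one DEAD_PROCESS (8).
SAMPLE = b"".join([
    record(7, 900, b"pts/0", b"root"),
    record(7, 4101, b"pts/3", b"alice"),
    record(7, 4102, b"pts/4", b"alice"),
    record(7, 4103, b"pts/5", b"alice"),
    record(8, 4104, b"pts/6", b""),
])

if __name__ == "__main__":
    stale = stale_entries(SAMPLE, alive=lambda pid: pid == 900)
    print(stale, contiguous_runs([s[0] for s in stale]))
```

A left-over entry whose PID has since been reused by another process looks alive to this check.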


