Currently, I have a service started by xinetd and close stdin on the command line arguments to avoid hackers hacking my program. I run a bash script as user "nobody" that basically looks like this (extra extraneous stuff is removed):
#!/bin/bash
function fakessh() {
    echo SSH-2.0-OpenSSH_3.9p1 # ID ourself as a valid SSH service
    /bin/cat /dev/urandom # and send random data
}
# Main follows - this is run as user "nobody"
fakessh <&- # Call the payload and (again) close stdin to avoid hacks
# EOF - fakessh
The result for someone using a normal ssh client is:
UNIX> ssh localhost
Disconnecting: Bad packet length 3349376822.
I am hoping to cause some kind of memory problem here and that's why I need the source code. Another exploit to examine is what happens with zero length packets if we cat /dev/zero. If there is nothing to exploit here, I'll remove the "echo" line so I send random data until the hacker client terminates his connection.
Thank you,
Brian Micek
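
Added example, not part of the original message and not code from any SSH client: a sketch of the bounds check on the 4-byte packet_length field (RFC 4253, section 6) that yields a "Bad packet length" style rejection for both the random-data case and the all-zero case discussed above. The limits, names and sample bytes are assumptions made for this sketch; the first sample is constructed to decode to the value in the error message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed limits for this sketch, not taken from any client's source. */
#define MIN_PACKET_LEN 5u      /* 1 padding-length byte + 4 bytes of padding */
#define MAX_PACKET_LEN 35000u  /* total packet size named in RFC 4253, 6.1 */

enum len_status { LEN_OK = 0, LEN_SHORT_READ, LEN_TOO_SMALL, LEN_TOO_LARGE };

/* Decode a 4-byte big-endian unsigned integer. */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Validate the length field before any buffer is sized from it.
   The decoded value is written to *len_out once 4 bytes are available. */
enum len_status check_packet_length(const unsigned char *buf, size_t avail,
                                    uint32_t *len_out)
{
    if (avail < 4)
        return LEN_SHORT_READ;      /* wait for more data, decide nothing yet */
    uint32_t len = read_be32(buf);
    *len_out = len;
    if (len < MIN_PACKET_LEN)
        return LEN_TOO_SMALL;       /* covers a zero length field */
    if (len > MAX_PACKET_LEN)
        return LEN_TOO_LARGE;       /* covers most random 32-bit values */
    return LEN_OK;
}

int main(void)
{
    /* Constructed samples: bytes decoding to 3349376822, and four zero
       bytes as a peer streaming /dev/zero would deliver. */
    const unsigned char random_bytes[4] = { 0xC7, 0xA3, 0x6F, 0x36 };
    const unsigned char zero_bytes[4]   = { 0x00, 0x00, 0x00, 0x00 };
    uint32_t len = 0;

    int st = check_packet_length(random_bytes, sizeof random_bytes, &len);
    printf("random: length %u -> status %d\n", (unsigned)len, st);
    st = check_packet_length(zero_bytes, sizeof zero_bytes, &len);
    printf("zero:   length %u -> status %d\n", (unsigned)len, st);
    return 0;
}
```

With a 35000-byte ceiling, a uniformly random 32-bit length passes the check only about 8 times in a million, so a receiver that validates first drops the connection before sizing any buffer from the peer's value.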
