Re: Fwd: Any user can panic OpenBSD machine

[kragen () POBOX COM (Kragen)]

On Mon, 27 Jul 1998, Theo de Raadt wrote:
> Whoopty doo -- another way to crash another operating system has been
> reported.  This is twice now that a 'local' OpenBSD crash has made it
> to bugtraq as if it were a typical exploit.  Does this now mean
> bugtraq is open ground for reporting any way to crash a multiuser
> operating system?  I bet there are plenty of ways to crash any
> operating system, if you have a local account.

There are operating systems -- KeyKOS and MVS, for example -- in which
making this impossible is an explicit design goal.  I do not believe
there are any known local-DoS exploits for either of these two OSes.

> However, this bug does not by itself provide anyone with a way to gain
> elevated priviledges and greater control of the system.  That is what
> most of us normally call an 'exploit', or has the lingo changed
> recently?

Sometimes, being able to crash a machine reliably is enough control to
cause some serious damage.

> But I have not seen many ways to crash Linux
> on BUGTRAQ, so I think people expect more of us.

Perhaps this should change.

> > Black hats distribute these kind of exploits quickly.  Let's make sure a
> > few white hats know about them too.
>
> Black hats distribute information on how to crash systems?  I thought
> they were concentrating on breaking root.

Yes, black hats do distribute information on how to crash systems.

Kragen