Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)

[Richard Kettlewell <rjk+news () sfere greenend org uk>]

Ishikawa <ishikawa () yk rim or jp> writes:

> One may be tempted to block all the files below /dev inside
> the browser/servers.

If I ask my currently running web browser to open
file:/proc/self/fd/3, it gets /dev/zero, and starts burning CPU and
disc (until it runs out).

There's some pipes in there too, which presumably have internal
significance to the executing program; if I'd started it from a
terminal there'd be some FDs onto that.  I'm sure there are all sorts
of possibilities for disruption.

Special files outside /dev constitute as much of a risk as the
contents of /dev.

> Could this be a cure for this problem under linux/UNIX?
> (Yes, I know we can have devices under different places.
> But I am not sure if the devices under non-stanard  places
> can be used for DoS attacks in the browser context
> I mentioned above.)

A better answer might be to stat the file, and reject it if it not a
regular file.  Another approach would be to forbid inlining "file:"
URLs from external pages, as described at
http://bugzilla.mozilla.org/show_bug.cgi?id=91316

ttfn/rjk