[linux-security] Re: portmap vulnerability?
- From: Matt <panzer@xxxxxxx>
- Subject: [linux-security] Re: portmap vulnerability?
- Date: 12 Dec 1998 06:32:41 GMT
In mail.linux.security Tony Nugent <Tony.Nugent@xxxxxxxxxx> wrote:
: To make this post worthwhile, here is a snippet out of my own
: /etc/hosts.deny file...
: " | /bin/mail -s "$(uname -n) wrappers\: %d refused for %c" \
: root@localhost ) &
It was very tempting to send a pile of spoofed packets into your network to
generate a huge load of email, filling up your mail spool and generating a
nice load on your system. :)
As tempting as this type of logging usually is, perhaps you want to dump
it to a file, instead of having every connection attempted emailed to you,
generating a handful of processes while it does so.
[mod: Some remarked that things like "%u" are "client controlled" and
could be used to exploit Tony's system. The manual however claims:
Characters in % expansions that may confuse the shell
are replaced by underscores.
so that should be OK. -- REW]
--
-Matt Drown -- Privacy, Anonyminity, & Security -- DataHaven Project
panzer@xxxxxxx -- Shell and Web accounts -- http://www.dhp.com/
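
Added example, not part of the original thread or of the tcp wrappers code: a small Python model of the behaviour the moderator quotes from the manual, where client-influenced `%` expansions have shell-confusing characters replaced by underscores before the command line is built. The allow-list of characters, the sample client values and the log path are assumptions made for illustration.

```python
import string

# Assumption: characters treated as shell-safe. The thread only quotes the
# manual's statement; this exact set is chosen for the illustration.
SAFE_CHARS = set(string.ascii_letters + string.digits + "@%-_=+:,./")


def sanitize(value):
    """Replace every character outside the allow-list with an underscore."""
    return "".join(ch if ch in SAFE_CHARS else "_" for ch in value)


def expand(template, fields):
    """Expand %x sequences in template using sanitized values from fields.

    '%%' yields a literal '%'. Unknown sequences are left untouched.
    Substituted values are never re-scanned for further % sequences.
    """
    out = []
    i = 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template):
            key = template[i + 1]
            if key == "%":
                out.append("%")
            elif key in fields:
                out.append(sanitize(fields[key]))
            else:
                out.append("%" + key)
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample: %u and %c carry data the remote side can influence.
    fields = {"d": "portmap", "u": "x;id", "c": "a`id`;b@192.0.2.7"}
    # Logging to a file, as suggested in the reply, instead of piping to mail.
    rule = 'echo "%d refused for %c (user %u)" >> /var/log/wrappers.log'
    print(expand(rule, fields))
```

Only the substituted values are sanitized. The template itself is trusted configuration and keeps its quotes and redirection.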