[OpenAFS] find /afs/ breaking the client?
Sun, 04 Feb 2007 09:53:53 +0100
I just ran into a fairly annoying problem:
One of our students found out, by accident I guess, that running=20
find /afs/ -name whatever
breaks the AFS client _and_ makes the machine hang on access to _any_
file anywhere in the file system hierarhy, not only within afs.
The problem is, this exploit has been successfully used to torpedo exams
that involved students logging in to our SSH server, also as a general
DoS style attack.
Only our cell, wszib.edu.pl, is configured in the client on SSH server.
Client version is 1.5.14; the system is Linux 220.127.116.11 running as
unpriviledged guest within Xen.
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: To jest =?UTF-8?Q?cz=C4=99=C5=9B=C4=87?= listu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
-----END PGP SIGNATURE-----