[OpenAFS] find /afs/ breaking the client?
Derrick J Brashear
Sun, 4 Feb 2007 09:36:47 -0500 (EST)
On Sun, 4 Feb 2007, Jakub Witkowski wrote:
> I just ran into a fairly annoying problem:
> One of our students found out, by accident I guess, that running
> find /afs/ -name whatever
> breaks the AFS client _and_ makes the machine hang on access to _any_
> file anywhere in the file system hierarhy, not only within afs.
> The problem is, this exploit has been successfully used to torpedo exams
> that involved students logging in to our SSH server, also as a general
> DoS style attack.
> Only our cell, wszib.edu.pl, is configured in the client on SSH server.
> Client version is 1.5.14; the system is Linux 22.214.171.124 running as
> unpriviledged guest within Xen.
Well, we haven't recommended 1.5.14 so I'm curious why you chose it, but,
do you have an oops?