Fake Unix and Linux Advisory - The /dev/null Vulnerability

[ Thanks to Mike Golvach for this link. ]

"The contemporary method of /dev/null drivers is described as the "high suction algorithm" in comparison with the replacement that vendors have made available for their systems. If a malicious user uses a program with low-resistance logic to connect /dev/null back into itself, the device goes critical and can be used for destructive purposes.

"Once the /dev/null device driver enters a critical state, programs with low-resistance logic will break, be consumed by /dev/null and expose their standard input to the full force of /dev/null itself. Some examples which have been verified in labs include the following:

* Programs which are consumed by /dev/null become permanent entry points to /dev/null afterward.
* If standard input is redirected from any regular file, it will be "sucked dry" and left empty. File permissions do not prevent loss of data.
* If standard input is redirected from a directory, all the files and directories within it will be sucked dry, recusrively removing an entire directory tree."

Complete Story

Related Stories:

• XKCD - Linux, Unix And Other Funny Cartoons(Nov 16, 2008)
• Unix And Linux Humor - Cult Satire(Nov 10, 2008)
• Stupefying Linux and Unix Humor(Nov 08, 2008)
• Funny Mozilla Bugs - Open Source Humor(Nov 02, 2008)
• Ridiculous Resumes - Unix, Linux and Everything in Between(Oct 26, 2008)
• Unix - What Is It? More Linux/Unix Humor(Oct 25, 2008)