Fake Unix and Linux Advisory - The /dev/null Vulnerability
Nov 17, 2008, 04:01 (0 Talkback[s])
(Other stories by Mike Tremell)
Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame
[ Thanks to Mike
Golvach for this link. ]
"The contemporary method of /dev/null drivers is
described as the "high suction algorithm" in comparison with the
replacement that vendors have made available for their systems. If
a malicious user uses a program with low-resistance logic to
connect /dev/null back into itself, the device goes critical and
can be used for destructive purposes.
"Once the /dev/null device driver enters a critical state,
programs with low-resistance logic will break, be consumed by
/dev/null and expose their standard input to the full force of
/dev/null itself. Some examples which have been verified in labs
include the following:
* Programs which are consumed by /dev/null become permanent entry
points to /dev/null afterward.
* If standard input is redirected from any regular file, it will be
"sucked dry" and left empty. File permissions do not prevent loss
* If standard input is redirected from a directory, all the files
and directories within it will be sucked dry, recusrively removing
an entire directory tree."