Re: Crashing Unix

From: Nick Maclaren (nmm1@cus.cam.ac.uk)
Date: 03/15/02 

From: nmm1@cus.cam.ac.uk (Nick Maclaren)
Date: 15 Mar 2002 17:46:13 GMT

In article <a6tanb$oti$1@knossos.btinternet.com>,
"Nick" <goonerbloke_nospam_@hotmail.com> writes:
|> Intro. The only reason why I posted the message in the first place was
|> because he said "has no-one crashed it yet?". That made me think that it
|> must be relatively easy as most of the class were new to it. Judging from
|> what people are saying on here it is not easy at all.
|>
|> I must say that our Unix server is specifically for teaching students how to
|> use Unix and the University's main network (where everyone's work is)
|> Windows NT. Crashing Unix would just mean that IT students couldn't use
|> Unix for a short while.

Not quite. It depends on how cleanly it crashed. If it failed very
uncleanly, then it could need recovering from backups.

However, this is one of the more serious security problems, and it
indicates that many posters don't understand the issue. So, here
is a brief lecture, addressed at students :-)

Designing a flexible, general-purpose system to be proof against
denial-of-service attacks (including crashes) is provably impossible.
There are techniques that work, but they all involve heavily
constraining the flexibility. The proof derives from the Halting
Theorem, and is mathematically solid, but strictly applies only
when the resource control mechanisms are complex enough to be a
Turing machine.

Few systems have ever been designed for resistance to such attacks,
and Unix is definitely not one. Still less are any Microsoft
systems. Nor was MVS, but it was a major goal starting from the
1960s, and it was moderately solid by about 1990. VMS is similar
in many respects, and both it and MVS are much more resistant than
most Unices.

Designing systems so that such attacks are traceable is MUCH easier,
and there are systems that are effectively bulletproof in that
respect. You can't stop it being crashed, but you can find out how
and why it happened. A well-configured Unix system approaches that
state against anything except an attack that starts off by getting
absolute privilege (i.e. root, or sometimes more).

Now, this is why defending our general-purpose systems against
malicious denial-of-service attacks is a nightmare. The thing
that saves us is that the techniques for doing this are not common
knowledge among the malicious and stupid. The malicious and
intelligent avoid DoS attacks because of the high change of
detection and (usually) low return.

A course on Unix for computer science students will teach you
enough background for them to deduce ways of crashing the system,
but it will NOT give you the experience to deduce such things
effectively. Those of us with N decades of experience can often
look at a design and immediately spot weaknesses - but it is a
VERY hard thing to teach in a short course.

However, learning that is something that is highly desirable for
the next generation of systems designers. If you can't spot the
sort of thing that will crash a system, you can't design your
system to be resistant to it. I don't really know a way of
teaching that in a course - the traditional way is to expose
people to the problem for many years.

I am not, of course, going to post even the sort of thing that
will work on most Unices. You should go back to your lecturer
and ask him or her to teach, not how to do it, but the classes
of weakness to look for.

Regards,
Nick Maclaren,
University of Cambridge Computing Service,
New Museums Site, Pembroke Street, Cambridge CB2 3QH, England.
Email: nmm1@cam.ac.uk
Tel.: +44 1223 334761 Fax: +44 1223 334679

Relevant Pages

  • Re: Frank de Groot
    ... They see attacks everywhere. ... Unix is greatly superior to Windows. ... executioners", no method is shunned to destroy the "thought enemy", those ...
    (rec.games.go)
  • Re: [SLE] My Linux box crashes.....
    ... On Tuesday 26 August 2003 00:00, Chris Roubekas wrote: ... Which Unix PC? ... Please read the FAQs: suse-linux-e-faq@suse.com ...
    (SuSE)
Quantcast