[PATCH 1/1] su: Add a delay if the password is incorrect

Rich Felker dalias at aerifal.cx
Sun Mar 16 03:06:22 UTC 2014


On Fri, Mar 14, 2014 at 08:08:08AM +0000, Laurent Bercot wrote:
> On 2014-03-13 22:16, John Spencer wrote:
> >>You could make it rigorous by touching a fixed filename in /var/run
> >>each time and sleeping until a fixed interval has elapsed past that
> >>file's mtime. Unless you do that though, adding a delay is just a
> >>nuisance. It does not hinder competent attackers and it annoys
> >>legitimate users who mistype their password.
> >
> >correct, and that's exactly what sabotage linux' su implementation does:
> >https://github.com/sabotage-linux/sabotage/blob/master/KEEP/su.c
> >(only difference: it uses /var/lib)
> 
>  Please consider using /tmp instead, so su works even when /var has not
> been mounted yet. (This is useful for recovery situations.)

/tmp is not suitable for this; you can never assume the ability to
create a fixed-name file in /tmp, since the namespace of /tmp is
shared on a first-come, first-served basis. Any programs using /tmp
except for creating randomly-named files there are buggy.

It would probably be suitable to skip the check if the appropriate
directory under /var does not exist (but not just if opening it fails
for a reason other than non-existence, since you don't want, e.g.,
fd-exhaustion attacks to let an attacker bypass the rate-limiting).

Rich
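One way to implement the scheme the thread converges on (a fixed-name stamp file under a root-owned state directory, the check skipped only when that directory is absent, and every other failure treated as a denial rather than a bypass), written as an added C example for this page. It is not the sabotage-linux su.c, nor busybox code; the directory, file name, interval and the injected `now` parameter are assumptions chosen so the logic can be exercised offline.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Result of consulting the stamp file. */
enum rl_status {
    RL_OK = 0,      /* stamp consulted; *wait_s holds the delay still owed */
    RL_SKIPPED = 1, /* state directory absent (e.g. /var not mounted yet): no limit */
    RL_DENY = -1    /* any other failure: refuse the attempt, never skip the limit */
};

/*
 * Global failed-password delay keyed on the mtime of one fixed-name file in a
 * directory only root can write (e.g. /var/run or /var/lib; never /tmp, whose
 * namespace is shared first-come first-served).
 *
 * dir      - state directory (assumed root-owned)
 * name     - fixed file name inside dir
 * interval - minimum seconds between two failed attempts
 * now      - current time, injected so the logic is testable offline
 * wait_s   - out: seconds the caller must still sleep before continuing
 *
 * The mtime is advanced to `now` on every call, so the delay is shared by
 * all users and processes, not just the invocation that mistyped.
 */
static enum rl_status rate_limit_check(const char *dir, const char *name,
                                       long interval, time_t now, long *wait_s)
{
    struct stat st;
    struct timespec ts[2];
    char path[4096];
    int fd, fresh = 0;

    *wait_s = 0;

    /* Only a missing directory may disable the check. Every other stat
     * failure (EACCES, EMFILE, ENOMEM, ...) fails closed. */
    if (stat(dir, &st) < 0)
        return errno == ENOENT ? RL_SKIPPED : RL_DENY;
    if (!S_ISDIR(st.st_mode))
        return RL_DENY;

    if (snprintf(path, sizeof path, "%s/%s", dir, name) >= (int)sizeof path)
        return RL_DENY;

    /* A stamp that does not exist yet means no earlier failure was recorded. */
    if (stat(path, &st) < 0) {
        if (errno != ENOENT)
            return RL_DENY;
        fresh = 1;
    }

    /* O_NOFOLLOW: a symlink planted at the fixed name must not redirect the
     * timestamp write. EMFILE/ENFILE (fd exhaustion) land in RL_DENY too. */
    fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return RL_DENY;

    if (!fresh) {
        long elapsed = (long)(now - st.st_mtime);
        if (elapsed < 0)            /* clock stepped backwards: owe the full interval */
            elapsed = 0;
        if (elapsed < interval)
            *wait_s = interval - elapsed;
    }

    /* "Touch" the stamp: record this failure before the caller sleeps. */
    ts[0].tv_sec = now;  ts[0].tv_nsec = 0;
    ts[1] = ts[0];
    if (futimens(fd, ts) < 0) {
        close(fd);
        return RL_DENY;
    }
    close(fd);
    return RL_OK;
}

int main(void)
{
    /* Demo in a randomly named scratch directory (the one legitimate use of
     * /tmp); a real su would point this at a root-owned directory under /var. */
    char tmpl[] = "/tmp/su-delay-demo-XXXXXX";
    char *dir = mkdtemp(tmpl);
    long wait;
    if (!dir)
        return 1;
    for (int i = 0; i < 3; i++) {
        enum rl_status r = rate_limit_check(dir, "su-fail", 2, time(NULL), &wait);
        printf("failed attempt %d: status %d, must wait %ld s\n", i + 1, (int)r, wait);
        if (r == RL_OK && wait > 0)
            sleep((unsigned)wait);
    }
    return 0;
}
```

The caller treats RL_DENY exactly like a wrong password (refuse and exit), so exhausting file descriptors or making the directory unreadable buys an attacker nothing; only a genuinely absent directory, the recovery situation Laurent raises, turns the limit off.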
