SET March 2000
http://www.set-ezine.org

---[ CONTENTS ]---

- 01 - Introduction
- 02 - Oddities
- 03 - Conclusions


Introduction
=-=-=-=-=-=-

Browsers under Linux will hang when trying to access certain devices. This bug may be considered similar to the \con\con bug, except that the technological superiority of Linux will prevent a system crash.

Examples have been tested under different versions of Lynx and Netscape; sometimes the behaviour of the browser differs.

The bug was originally reported by Fuska in a message posted in the SET forum. Original message URL:
http://www.coolboard.com/msgshow.cfm/msgboard=377408526880083&msg=571161262892011&page=1&idDispSub=63896961854800

Some of the devices that will make a browser hang are:

/dev/tty*
/dev/cua*
/dev/std*
/dev/egp
/dev/ggp
/dev/inet/*
/dev/initctl

You could embed this bug in a test page in the form:

Surprise

As you might imagine, there are some secondary effects, like losing control of your keyboard for some seconds, etc., and of course (needless to say) you can't open a file you don't have permissions for.

If you don't want to wait for someone to follow a link, you can make the process quicker by using this mini-page or some variation.

Hangs Netscape (with javascript enabled)

We have put a small test page on-line:
http://www.set-ezine.org/browser-test.html


Oddities
=-=-=-=-

Trying to open /dev/mouse will have the effect of freezing the mouse; you won't be returned control until the page load is halted. With /dev/ftape you will have some minutes of fun seeing your fd drive going crazy, but perhaps you should buy a new one after the show is over (this hasn't been thoroughly tested). Note that this can be induced remotely with a simple link or auto-magically.

There are plenty of devices that will act 'funny' when called this way. After playing for some time you should check how many modules you have loaded: it's possible that a remote site could make an HTML page to load some kernel modules in your machine, trying to guess if you are hosting any popular trojan module, or with a more dangerous idea. An example could be using /dev/audio or /dev/ptmx as the target file. Watching syslog output you'll see that some modules "refuse" to die and keep scanning for devices.


Conclusions
=-=-=-=-=-=

This text is not intended to cause 'alarm'. Although the effects of accessing devices can sometimes be annoying, most of the time they can be limited by a mid-experienced user. Anyway, the ability to crash a browser or load modules remotely without your consent clearly isn't what you would want.

Finally, we want to remind you that Fuska was the person who gave us the first notice about this bug.

Feel free to copy and distribute.

SET (c) 2000. http://www.set-ezine.org
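
A local-file loader can avoid the hangs and module loads described above by refusing anything that is not a regular file before it opens it. The C code below is an added example, not code from SET, Lynx or Netscape; open_regular_file() is a hypothetical helper name and /etc/hostname is a constructed sample path.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns an fd for a regular file, or -1 with errno set. */
int open_regular_file(const char *path)
{
    struct stat before, after;

    /* stat() first: it never calls the driver's open routine, so it cannot
       block on a tty or make the kernel autoload a module for the device. */
    if (stat(path, &before) != 0)
        return -1;
    if (!S_ISREG(before.st_mode)) {
        errno = EINVAL;              /* char/block device, FIFO, socket, dir */
        return -1;
    }

    /* O_NONBLOCK and O_NOCTTY limit the damage if the path is swapped for a
       device or FIFO between the stat() above and this open(). */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;

    /* Re-check the object actually opened, not the name. */
    if (fstat(fd, &after) != 0 || !S_ISREG(after.st_mode) ||
        after.st_dev != before.st_dev || after.st_ino != before.st_ino) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Constructed sample paths; the two devices are from the list above. */
    const char *samples[] = { "/etc/hostname", "/dev/tty", "/dev/initctl" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int fd = open_regular_file(samples[i]);
        printf("%-14s %s\n", samples[i], fd >= 0 ? "allowed" : "refused");
        if (fd >= 0)
            close(fd);
    }
    return 0;
}
```

The check belongs in the code path that resolves local paths for a page, so that links and scripted loads go through it as well as paths typed by the user.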