Comments
I've tried -rwsr-xr-x and -rwsr-sr-x.
Sorry but I really don't want to fiddle around with the /etc/fstab unless it's a last resort.
Create the C code and compile it
dropcaches.c
EDIT: Modified the system call to use full path
Sure.
While it might work it has severe security implications.
Exactly what I needed. Kudos for that.
Flawless.
Not bad.
EDIT:
Code update.
It works.
Sure works on a KVM VPS, however on an OpenVZ VPS, that's a no-go.
After reading the comment and the StackOverflow post by @Janevski, I forgot that the "PATH" environment variable can be changed to a malicious one.
Please change the system call to the following to secure the system:
system("/bin/echo 3 > /proc/sys/vm/drop_caches");
Makes sense, would you mind editing your initial code snippet as well? In case someone else stumbles on it someday and doesn't bother reading further.
I did, perhaps you and @eol can update the quote as well
Done on my end.
Done.
With all that being said, OpenVZ really needs to die.
I can't believe people in the hosting industry are still using OVZ.
This.
Now there is still a security problem.
One could replace the echo binary with something slightly more malicious.
But anyway problem solved.
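Added example, not code from this thread: a setuid helper can write to /proc/sys/vm/drop_caches itself instead of calling system(), which removes the shell, the PATH lookup and the echo binary from the picture. The name write_knob, the O_NOFOLLOW check and the sync() call are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Path and value taken from the thread's echo command. */
#define DROP_CACHES_PATH "/proc/sys/vm/drop_caches"

/*
 * Write `val` to an existing file without a shell or helper binary.
 * O_NOFOLLOW refuses a symlink as the final path component, and there is
 * no O_CREAT, so a missing file is an error.
 * Returns 0 on success, -1 on failure with errno set.
 */
int write_knob(const char *path, const char *val)
{
    size_t len = strlen(val);
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    ssize_t n = write(fd, val, len);
    int saved = errno;
    int rc = close(fd);
    if (n != (ssize_t)len) {
        /* Report the write error, or EIO for a short write. */
        errno = (n < 0) ? saved : EIO;
        return -1;
    }
    return rc == 0 ? 0 : -1;
}

int main(void)
{
    sync();  /* drop_caches only frees clean pages, so flush dirty ones first */
    if (write_knob(DROP_CACHES_PATH, "3\n") != 0) {
        perror(DROP_CACHES_PATH);
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
}
```

Because nothing is executed, the environment of the calling user has no influence on what runs with root privileges.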
We love OVZ if we don't need to do the above mentioned things. For everything else there is KVM or bare backmetal.
Really?
Come on...
Oh, and I'd never put anything sensitive anywhere near an OVZ.
gaia 2.6.32-042stab128.2
root@gaia:~# id
uid=0(root) gid=0(root) groups=0(root)
root@gaia:~# fallocate -l 1G /mnt/1GB.swap
root@gaia:~# mkswap /mnt/1GB.swap
Setting up swapspace version 1, size = 1048572 KiB
no label, UUID=19b804ff-bbf9-4b20-ac28-00d455696f51
root@gaia:~# chmod 0600 /mnt/1GB.swap
root@gaia:~# swapon /mnt/1GB.swap
swapon: /mnt/1GB.swap: swapon failed: Operation not permitted
root@gaia:~# echo 3 > /proc/sys/vm/drop_caches
-su: /proc/sys/vm/drop_caches: Permission denied
Piece of shit.
Get a dedicated server and call it a day old chap.
Agreed.
EDIT:
Nothing better than idling a bunch of dedicated servers.
One work-around I am thinking of regarding the "echo binary issue" would be to use busybox, at least that's how it is done on embedded systems with minimal kernels and space constraints.
It's not idling if they are running tmux + htop.
While that might work... don't you think busybox is somewhat limited?
EDIT:
Quote.
You forgot screen! You n00b.
Tmux is screen's sexy sister.
That depends on "how" you've compiled it actually.
See: https://busybox.net/downloads/BusyBox.html
Edit: Busybox can even have its own internal httpd, ftpd, nc and so forth. Back in my days some rootkits were actually nothing but modified busybox binaries disguised as legit daemons running on compromised hosts.
True.
Yeah but when you're drunk to the boot, you'd still fuck the uglier sister regardless.