Comment by AStonesThrow

7 months ago

Wait, you set up a symlink?

I am not sure how that could’ve worked. Unless the real /dev tree was exposed to your webserver’s chroot environment, this would’ve given nothing special except “file not found”.

The whole point of chroot for a webserver was to shield clients from accessing special files like that!

You yourself explain how it could've worked: Plenty of webservers are or were not chroot'ed.

  • Which means that if your bot is getting slammed by this, you can assume it's not chrooted and hence a more likely target for attack.

    • This does not logically follow. If your bot is getting slammed by a page returning all zeros (what the person I replied to reacted to), all you know is something on the server is returning a never-ending stream of zeros. A symlink to /dev/zero is an easy way of doing that, but knowing the server is serving up a never-ending stream of zeros by no means tells you whether the server is running in a decently isolated environment or not.

      Even if you knew it was done with a symlink, you don't know that - these days odds are it'd run in a container or VM, and so having access to /dev/zero means very little.