[ubuntu-us-ut] please break my system

[Christer Edwards]

On Sat, Apr 17, 2010 at 1:11 PM, Christer Edwards
<christer.edwards at ubuntu.com> wrote:
> I've been thinking about setting up a server to allow shell access to
> users that wouldn't normally have it. A shell server like this could
> be used for IRC (read: screen+irssi), ssh tunneling, etc, etc. Before
> I actually implement something I'd like to test and prepare for common
> multi-user privacy and security issues. To that end I'd like to invite
> anyone interested to come break my system.
...[snip]...

So far I've had a few users login and poke around. Only one user
actually tried to bring the system down (yes, I was serious about
trying to be malicious). One user ran a fork-bomb, which brought the
load as high as: 429.79 180.16 74.14. I think I've limited this type
of attack now. Don't believe me? Try it!

I'm still interested in seeing what other types of malicious things
can be done. How else might you try to negatively affect this system?

If you have account details, please try again. If you'd like a free
system (seriously, it's mine and I *want* you to try and break it) to
screw with, just let me know.

This is meant as a learning experience for me, to actively pursue user
limitations and security practices. It can also be a learning
experience for you in being able to try things hands-on.

-- 
Christer Edwards