Keyboard mashing from toddler crashes system

[Hx Jai]

My son discovered my TrueNAS server and decided to walk on the keyboard. The system crashed when he did, so I enabled the console login from the Advanced settings (System - Advanced - Uncheck "Show console without password" ).

...and then he crashed it again. All he did was mash keys.

For now, I've unplugged the keyboard, but this makes me think there's a vulnerability in the console login. The reason I think it's something on the login screen is that I noticed that the first couple times he crashed the server, he had somehow gotten from the 1-11 menu prompt to a system login prompt prior to it crashing.

I bet there's a buffer overflow in the login screen or something.

 

[HoneyBadger]

For now, go to System - Advanced and uncheck the "Show console without password" - that will at least force your little one to have to mash your password first before getting any further.

As far as keyboard mashing causing a crash - I'll leave that to others to investigate, but I imagine there's some combination of bad luck + random keypresses that could send the equivalent of SIGKILL to a middleware/other process, especially if you can get to a shell.

 

[Hx Jai]

go to System - Advanced and uncheck the "Show console without password" -

This was already set (and I confirmed that the console had a login prompt before letting him mash keys again)! That's what remarkable about this crash. He crashed it from the login prompt! ...and in case you're wondering, the password is long and complex.

...also, this isn't a one-off. This has happened three times now in less than a week. (I have since unplugged the keyboard).

 

[Simtech]

All he did was mash keys...

These are also the required skills for an Apple genius bar employee

 

[Kris Moore]

These are also the required skills for an Apple genius bar employee

Or also a career as a future software QA tester :)

Seriously though, go ahead and put a ticket into jira.ixsystems.com and we can at least track this, see if there's anything obvious we can do here.

 

[HoneyBadger]

This was already set (and I confirmed that the console had a login prompt before letting him mash keys again)! That's what remarkable about this crash. He crashed it from the login prompt! ...and in case you're wondering, the password is long and complex.

...also, this isn't a one-off. This has happened three times now in less than a week. (I have since unplugged the keyboard).

That's definitely more of a concern. Law #3 still applies (if an adversary has unrestricted physical access to your computer, it's not your computer anymore) but it surely shouldn't be possible to cause a denial of service directly from a login prompt.

Curious - are you able to reproduce it yourself, or will you have to coordinate with your son for the bug testing? :)

These are also the required skills for an Apple genius bar employee

Louis Rossmann has entered the chat

 

[Constantin]

That's why Louis got a wiped Macbook Pro from me when I needed a Thunderbolt 3 chip replaced.