This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.



Re: [Bill Paul <wpaul@CTR.COLUMBIA.EDU>] Re: easy DoS in most RPC apps


Thomas Bushnell, n/BSG writes:
 > 
 > Am I correct in understanding that the SunRPC bug can only affect TCP
 > services?

Yes, it only affects TCP services. But the fix doesn't really fix it.
As I said in my earlier mails, the problem will only be fixed if the
daemon spawns a new thread for each connection. And I'm not the only
one with this opinion:

>From Olaf Kirch <okir@MONAD.SWB.DE>:
>
>Sun's RPC code has some more problems. If you send it a continuous
>stream of zero bytes, it will loop forever because it interprets them
>as a sequence of zero-length record fragments. It nicely gobbles the
>empty record, notices that this hasn't been the last fragment (EOR bit
>is 0 of course) and goes asking for more, etc ad inf.
>
>Concerning the 35 second timeout Bill mentions above, this can also be
>stretched out quite a bit if you transmit the RPC packet byte by byte,
>each 30 seconds apart.
>
>Given the way RPC was designed, I cannot think how to work around this
>problem except by handling all RPC requests in a separate thread.

I think the same. We should add the FreeBSD fix to glibc 2.0.7,
so that it isn't as trivial as it is at the moment, and hope that the
authors use threads in their RPC daemons to be really safe.

  Thorsten

-- 
Thorsten Kukuk  kukuk@vt.uni-paderborn.de
                http://www-vt.uni-paderborn.de/~kukuk
Linux is like a Vorlon.  It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.
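
Added example (not part of the original message, and neither the FreeBSD fix nor glibc code): a bounded scanner for ONC RPC record marking that rejects the run of zero-length, non-final fragments described in the quoted text. The function name, result codes and both limits are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Record-marking header: top bit = last fragment (EOR),
   low 31 bits = fragment length. */
#define RM_LAST_FRAG     0x80000000u
#define MAX_EMPTY_FRAGS  8u          /* assumed policy limit */
#define MAX_RECORD_BYTES (1u << 20)  /* assumed policy limit */

enum rm_result { RM_OK = 0, RM_NEED_MORE, RM_EMPTY_FLOOD, RM_TOO_BIG };

/* Walk the fragments of one record held in buf[0..len). On RM_OK,
   *record_len is the payload size and *consumed the bytes used. */
enum rm_result rm_scan_record(const uint8_t *buf, size_t len,
                              size_t *record_len, size_t *consumed)
{
    size_t off = 0, total = 0;
    unsigned empty = 0;

    for (;;) {
        if (len - off < 4)
            return RM_NEED_MORE;          /* header not complete yet */
        uint32_t hdr = (uint32_t)buf[off] << 24 | (uint32_t)buf[off + 1] << 16 |
                       (uint32_t)buf[off + 2] << 8 | buf[off + 3];
        uint32_t flen = hdr & ~RM_LAST_FRAG;
        off += 4;

        /* A zero-length, non-final fragment carries no data; an all-zero
           byte stream is an unbounded run of them, so cap the run. */
        if (flen == 0 && !(hdr & RM_LAST_FRAG)) {
            if (++empty > MAX_EMPTY_FRAGS)
                return RM_EMPTY_FLOOD;
            continue;
        }
        if (flen > MAX_RECORD_BYTES - total)
            return RM_TOO_BIG;            /* bound memory per record */
        if (len - off < flen)
            return RM_NEED_MORE;          /* fragment body incomplete */
        off += flen;
        total += flen;
        if (hdr & RM_LAST_FRAG) {
            *record_len = total;
            *consumed = off;
            return RM_OK;
        }
    }
}
```

A cap like this addresses only the zero-fragment loop; it does nothing about a sender that trickles a request one byte at a time, which is the case the quoted text says needs per-connection threads.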

