This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.



Re: (bugtraq) DoS attack against Sun RPC




Hello,

Andreas Jaeger writes:
 > >>>>> Zack Weinberg writes:
 > 
 > Zack> There's been some discussion of a serious security problem with Sun
 > Zack> RPC.  Specifically: 
 > >> > [..]
 > >> > Further examination and discussion (with Thomas Kukuk) shows that the bug
 > >> > is probably in libc (and glibc?) and therefore probably affects _all_ rpc
 > 
 > I do think that Thorsten (not Thomas) Kukuk is already aware of this.

Yes, I know the problem. But I'm not sure if it is only a libc
problem. It is an RPC problem, but it could also be a problem with the
rpcgen-generated code for the daemons.

I'm not so firm with the RPC code that I have an idea how to fix
it. But the problem is clear: the daemons are single-threaded and
don't fork for a connection, and the old connection will not be
closed, because data arrives before the timeout. Since the RPC
subsystem is very complex, you couldn't check if the data is valid or
garbage.
So, the daemon will handle this request, and all other requests have
to wait. The only solution I see is to make a time limit for a
connection in which you should have received the data.
Not sure if this will really work if you have big requests such as
the yp_all() function does.

  Thorsten

-- 
Thorsten Kukuk  kukuk@vt.uni-paderborn.de
                http://www-vt.uni-paderborn.de/~kukuk/
Linux is like a Vorlon.  It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.

