List: oss-security
Subject: Re: [oss-security] CVE request: kernel: AF_UNIX: Fix deadlock on
From: Josh Bressers <bressers () redhat ! com>
Date: 2009-10-19 19:27:31
Message-ID: 1707377269.594911255980451060.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
Please use CVE-2009-3621.
Thanks.
--
JB
----- "Eugene Teo" <eugeneteo@kernel.sg> wrote:
> Quoting from the patch submitted:
> "...a deadlock bug in UNIX domain socket, which makes able to DoS
> attack against the local machine by non-root users.
>
> ...
> Why this happens:
> Error checks between unix_socket_connect() and unix_wait_for_peer() are
> inconsistent. The former calls the latter to wait until the backlog is
> processed. Despite the latter returns without doing anything when the
> socket is shutdown, the former doesn't check the shutdown state and
> just retries calling the latter forever."
>
> How to reproduce:
> 1. Make a listening AF_UNIX/SOCK_STREAM socket with an abstract
> namespace(*), and shutdown(2) it.
> 2. Repeat connect(2)ing to the listening socket from the other sockets
> until the connection backlog is full-filled.
> 3. connect(2) takes the CPU forever. If every core is taken, the
> system hangs.
>
> Reproducer:
> http://patchwork.kernel.org/patch/54678/
>
> You will need to add in the missing header files:
> #include <string.h>
> #include <stdio.h>
> #include <sys/un.h>
> #include <sys/types.h>
> #include <sys/socket.h>
>
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=529626
>
> Thanks, Eugene
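
The inconsistent check described in the quoted patch text can be shown with a small user-space model. This is an added example, not kernel code or code from the patch; the struct, function and constant names are hypothetical, and `max_retries` stands in for "forever" so the model terminates.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model of the logic; all names are hypothetical. */
struct model_listener {
    int  backlog_len;   /* pending connections queued on the listener */
    int  backlog_max;   /* backlog limit */
    bool shutdown;      /* shutdown(2) was called on the listener */
};

enum { MODEL_CONNECTED = 0, MODEL_REFUSED = -1, MODEL_SPIN = -2 };

/* Models the wait helper: returns at once, without waiting, if shut down.
 * Returns true if it actually waited (the model drains one backlog entry). */
static bool model_wait_for_peer(struct model_listener *l)
{
    if (l->shutdown)
        return false;          /* nothing done, and the caller is not told why */
    l->backlog_len--;          /* model: the peer accepted one connection */
    return true;
}

/* Models the connect path. check_shutdown selects the consistent variant,
 * which tests the same condition the wait helper tests before retrying. */
int model_connect(struct model_listener *l, bool check_shutdown, int max_retries)
{
    for (int tries = 0; tries < max_retries; tries++) {
        if (check_shutdown && l->shutdown)
            return MODEL_REFUSED;      /* fail instead of retrying */
        if (l->backlog_len < l->backlog_max) {
            l->backlog_len++;
            return MODEL_CONNECTED;
        }
        model_wait_for_peer(l);        /* backlog full: wait, then retry */
    }
    return MODEL_SPIN;                 /* retry budget exhausted: busy loop */
}

int main(void)
{
    /* Constructed state: full backlog on a listener that was shut down. */
    struct model_listener l = { .backlog_len = 2, .backlog_max = 2, .shutdown = true };
    printf("inconsistent checks: %d\n", model_connect(&l, false, 1000000));
    printf("consistent checks:   %d\n", model_connect(&l, true, 1000000));
    return 0;
}
```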