
List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel: AF_UNIX: Fix deadlock on
From:       Josh Bressers <bressers () redhat ! com>
Date:       2009-10-19 19:27:31
Message-ID: 1707377269.594911255980451060.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

Please use CVE-2009-3621.

Thanks.

-- 
    JB


----- "Eugene Teo" <eugeneteo@kernel.sg> wrote:

> Quoting from the patch submitted:
> "...a deadlock bug in UNIX domain socket, which makes able to DoS
> attack against the local machine by non-root users.
> 
> ...
> Why this happens:
>   Error checks between unix_socket_connect() and unix_wait_for_peer()
>   are inconsistent. The former calls the latter to wait until the
>   backlog is processed. Despite the latter returns without doing
>   anything when the socket is shutdown, the former doesn't check the
>   shutdown state and just retries calling the latter forever."
> 
> How to reproduce:
>   1. Make a listening AF_UNIX/SOCK_STREAM socket with an abstract
>      namespace(*), and shutdown(2) it.
>   2. Repeat connect(2)ing to the listening socket from the other
>      sockets until the connection backlog is full-filled.
>   3. connect(2) takes the CPU forever. If every core is taken, the
>      system hangs.
> 
> Reproducer:
> http://patchwork.kernel.org/patch/54678/
> 
> You will need to add in the missing header files:
> #include <string.h>
> #include <stdio.h>
> #include <sys/un.h>
> #include <sys/types.h>
> #include <sys/socket.h>
> 
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=529626
> 
> Thanks, Eugene
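
The inconsistency described in the quoted patch text, as an added example that is not part of the original message or of the kernel patch: a simplified user-space C model (no sockets, no kernel code) of a connect path that retries through a wait helper, with and without its own shutdown check. All model_* names, the spin cap standing in for "forever", and the way a sleep drains one backlog entry are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define MODEL_SPIN_CAP 1000000L /* stand-in for "forever" so the model terminates */

enum model_result { MODEL_CONNECTED, MODEL_REFUSED, MODEL_SPINNING };

struct model_listener {
    bool rcv_shutdown; /* shutdown(2) has been called on the listener */
    int backlog_used;  /* pending connections queued */
    int backlog_max;
};

static bool backlog_full(const struct model_listener *l) {
    return l->backlog_used >= l->backlog_max;
}

/* Wait helper: sleeps only when the listener is live and full.
 * On a shut-down listener it returns at once without doing anything. */
static bool model_wait_for_peer(struct model_listener *l) {
    if (l->rcv_shutdown || !backlog_full(l))
        return false;
    l->backlog_used--; /* model: while we sleep, accept() drains one entry */
    return true;
}

/* Connect path: check_shutdown=false models the inconsistent caller,
 * check_shutdown=true models a caller that applies the same check. */
static enum model_result model_connect(struct model_listener *l,
                                       bool check_shutdown, long *retries) {
    for (*retries = 0; *retries < MODEL_SPIN_CAP; (*retries)++) {
        if (check_shutdown && l->rcv_shutdown)
            return MODEL_REFUSED;  /* fail instead of retrying */
        if (!backlog_full(l)) {
            l->backlog_used++;
            return MODEL_CONNECTED;
        }
        model_wait_for_peer(l);    /* may return immediately, then we retry */
    }
    return MODEL_SPINNING;         /* never slept, never made progress */
}

int main(void) {
    long n;
    struct model_listener a = { true, 4, 4 }, b = { true, 4, 4 };
    printf("no check:   result=%d ", model_connect(&a, false, &n));
    printf("retries=%ld\n", n);
    printf("with check: result=%d ", model_connect(&b, true, &n));
    printf("retries=%ld\n", n);
    return 0;
}
```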