lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20090128113640.2ea5a9fb@lxorguk.ukuu.org.uk>
Date:	Wed, 28 Jan 2009 11:36:40 +0000
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	Bron Gondwana <brong@...tmail.fm>
Cc:	Ray Lee <ray-lk@...rabbit.org>,
	Davide Libenzi <davidel@...ilserver.org>,
	Bron Gondwana <brong@...tmail.fm>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Greg KH <gregkh@...e.de>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH 1/3] epoll: increase default max_user_instances to 1024

> > "A kernel upgrade in a -stable series point release fixed a security DoS"
> 
> Alan, that's a complete load of bollocks.  It broke common configurations 
> of java, postfix and apache on real-world machines, causing significant
> actual denials of service in previously reliable configurations.

It fixed a security DoS. I was merely pointing out that the description
provided before was bogus, incomplete and loaded.

> viable within the code.  The DoS works by creating epoll descriptors
> watching other epoll descriptors, which strikes me as a much less
> real-world actual use pattern than a bunch of separate daemons with an
> epoll watcher each.

Deliberate attackers don't have to follow typical usage patterns.

> If it's possible to count watches only if they're added to another epoll
> instance, then we'd have a metric that still catches the N^2 attack, but
> doesn't interact with the common non-attacky use-case.

Agreed entirely.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ