lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <56B209A9.5030402@stressinduktion.org>
Date:	Wed, 3 Feb 2016 15:07:37 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	David Herrmann <dh.herrmann@...il.com>,
	Simon McVittie <simon.mcvittie@...labora.co.uk>
Cc:	Willy Tarreau <w@....eu>, "David S. Miller" <davem@...emloft.net>,
	netdev <netdev@...r.kernel.org>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Eric Dumazet <edumazet@...gle.com>, socketpair@...il.com,
	Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Subject: Re: [PATCH v2] unix: properly account for FDs passed over unix
 sockets

On 03.02.2016 12:56, David Herrmann wrote:
> However, with Hannes' revised patch, a different DoS attack against
> dbus-daemon is possible. Imagine a peer that receives batches of FDs,
> but never dequeues them. They will be accounted on the inflight-limit
> of dbus-daemon, as such causing messages of independent peers to be
> rejected in case they carry FDs.

Yes, that is true.

We also kind of have the problem with unconnected af-unix dgram sockets: 
if the receiver does not read the skbs on the receive queue we don't 
free up the sending socket's wmem, thus stop the socket from being 
destructed and can block the process during sendmsg on this socket. This 
is harder to DoS but pretty much the same schema.

Bye,
Hannes

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ