| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Nov 2010 12:52:13 +0500
From: Марк Коренберг
<socketpair@...il.com>
To: netdev@...r.kernel.org
Subject: Fwd: Simple kernel attack using socketpair. easy, 100%
reproductiblle, works under guest. no way to protect :(
---------- Forwarded message ----------
From: Марк Коренберг <socketpair@...il.com>
Date: 2010/11/25
Subject: Re: Simple kernel attack using socketpair. easy, 100%
reproductiblle, works under guest. no way to protect :(
To: Eric Dumazet <eric.dumazet@...il.com>
2010/11/25 Eric Dumazet <eric.dumazet@...il.com>:
> Le jeudi 25 novembre 2010 à 11:52 +0500, Марк Коренберг a écrit :
>> Well, It seems, that patch likely will fix 100% CPU usage.
>>
>> But what about eating all available descriptors in kernel ? vulnerability ?
>>
>
> It doesnt fix cpu usage actually, your program eats 100% of one cpu,
> like the following one :
>
> for (;;) ;
>
> If you want not eat 100% cpu, I suggest you add some blocking calls,
> like usleep(10000)
>
> for (;;) usleep(10000);
>
> Patch only makes sure kernel wont eat too much memory to store inflight
> unix sockets.
I have attached source which proove, that loop not inside this
program, but inside kernel.
--
Segmentation fault
--
Segmentation fault
View attachment "sp.c" of type "text/x-csrc" (979 bytes)
Powered by blists - more mailing lists