Re: Local Denial-of-Service attack against Linux (fwd)

From: Manfred Spraul (manfreds@colorfullife.com)
Date: Sat Mar 25 2000 - 08:27:08 EST


Daniel Giemza wrote:
>
>
> Apparently unix domain sockets are ignoring the /proc/sys/net/core/wmem_max
> parameter, despite the documentation to the contrary. The fix should be
> simple, but I haven't had time to chase it down, and I'm not (usually) a
> Linux kernel developer.

* Linux allows you to send one message, even if that message is longer
than wmem_max.
* linux/net/core/sock.c:sock_alloc_send_skb(), around line 800:

        skb=sock_wmalloc(...);
        if(skb)
                break;
+ if(try_size > 131072)
+ break;
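Review bot: the added `break` on `try_size > 131072` leaves the loop with `skb` still NULL, and nothing in the lines shown sets an error for the caller before exiting. Set the error code explicitly before that `break`, so an oversized send fails with a defined error rather than depending on whatever the code after the loop assumes about `skb`. The two added lines also need indenting to match the surrounding block, and the literal 131072 would read better as a named constant.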

should fix the problem [untested]

I noticed 2 further problems:
* 131072 should be a define (KMALLOC_MAX)
* linux/net/unix/af_unix.c:unix_stream_sendmsg() assumes that the page
size is 4096.

        s/4096-16/PAGESIZE/g

--
	Manfred
