This is the mail archive of the
libc-hacker@sourceware.cygnus.com
mailing list for the glibc project.
New RPC DoS patch
- To: libc-hacker@cygnus.com
- Subject: New RPC DoS patch
- From: Thorsten Kukuk <kukuk@weber.uni-paderborn.de>
- Date: Mon, 15 Jun 1998 21:21:08 +0200 (MEST)
Hello,
I have append 2 patches for the RPC DoS problem, one for glibc 2.0.7,
one for the current snapshot. The old fix makes a lot of problems,
especially with NIS, NIS+ and NFS and Solaris on the other side.
I have spoken on the Linux Congress in Cologne about this problem, and
with the FreeBSD Developer. We all agree, that it is not possible to
solve the problem in the library part correct. You need to merge the
svc_tcp(readtcp) select call with the svc_run select call, and to
spawn a new thread for each connection. The problem is, that nearly
every daemon has its own svc_run implementation, and you need to
change a lot of user code.
The current patch trys to avoid the easy attacks from shell scripts,
which doesn't know about the protocol. But it is no problem to write a
little C program, which makes the same problems.
Another Question:
For the libdb 1.85 add-on library, I need to tell the Makefile, not to
create a libdb.so file. Could anybody from the Makefile gurus tell me,
how to do that ? I wish to finish this.
Thorsten
--
Thorsten Kukuk kukuk@vt.uni-paderborn.de
http://www-vt.uni-paderborn.de/~kukuk
Linux is like a Vorlon. It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.
sunrpc-2.0.x.diff
sunrpc-2.1.diff