httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject RE: [PATCH] accept serialization
Date Thu, 14 Aug 1997 09:17:32 GMT
On Thu, 14 Aug 1997, Paul Sutton wrote:

> Ok, I've tried this quickly and it *does NOT work* without the ownership
> change. Each child fails on the accept_mutex_on (they exit after the
> perror here with "accept_mutex_on:  Permission denied"). So another one
> gets spawned and dies, for ever. Not nice.

Damn.  Ok that means that USE_SYSVSEM_SERIALIZED_ACCEPT has a known DoS
attack (make a cgi which forks a child which acquires the semaphore and
sleeps forever).  So far I've only proposed that it be the default for
IRIX. Notes: 

- on multiprocessor IRIX boxes it's way faster to use _USLOCK_, but these
are way slower on single processor boxes

- fcntl/flock are extremely painfully slow on some irix boxes (probably
boxes running NFS servers, or maybe just on multiprocessor boxes, we
haven't isolated what yet) 

- Martijn Koster tells me he's been running with the equivalent of
SAFE_UNSERIALIZED_ACCEPT on IRIX boxes with no ill-effect

- systems concerned about local users who can run CGIs and cause the DoS
are probably also concerned enough to use suexec/cgiwrap and be immune to
the DoS

So, I'm happy with documenting the DoS and the workarounds and options and
alternatives.  It's too bad IRIX is a little too inconsistent on these
things.

Dean



Mime
View raw message