[PATCH] Fix bug #10406 - vfs_dirsort can trample on its own private data.
Jeremy Allison
jra at samba.org
Tue Feb 11 13:41:54 MST 2014
On Wed, Feb 12, 2014 at 09:36:02AM +1300, Andrew Bartlett wrote:
>
> Looking over the code, I do wonder about the risks we now have for a
> client-based DoS.
>
> I know this is a boutique module - but if an OEM is using it, then it
> suggests that it could be deployed in situations where users could abuse
> it.
>
> My worry is: What happens if a user opens a large directory a large
> number of times. It seems the server-side memory use would be
> unbounded, as would the length of the list.
>
> What do you think we should do about this? Just warn in the manpage, or
> do something more drastic?
>
> Certainly DoS potential is much better than the data corruption
> (essentially) issues the module had before (the incorrect 7zip
> archives), but it just worries me a little.
>
> Is there any way to do this with just one entry in the cache, and just
> re-fetch and re-sort if a different directory is opened?
>
> What do you think?
We already have many resource constraints where clients can DOS themselves.
Ultimately clients are limited by file descriptor limits on
the number of directories that can open.
I personally don't think this makes the problem any worse, and
is a boutique module, not loaded by default :-).
OEMs using it make their own decisions on these things.
Essentially I'm saying I think it's good and I want you
to push the change (+test) as-is :-).
Jeremy.
More information about the samba-technical
mailing list