Multiple Platform remote CPU load issue in Samba 1.x and 2.x
Christopher R. Hertel
crh at nts.umn.edu
Wed Jun 14 15:46:00 GMT 2000
> No. These requests are all coming in on the same tcp connection (hence
> they are talking to the same smbd process).
'Fraid not.
You can have multiple TCP connections over the same TCP port. When a new
connection comes in, smbd forks a process to handle it. I just tested
this using the exploit we're discussing. You can see the child process
get spawned, the CPU utilization go up, and then the process go away
after I kill the attack.
$ ps -ef | grep smbd
root 23537 1 0 20:34:43 ? 0:00 /usr/local/samba/bin/smbd -D
$ ps -ef | grep smbd
root 23537 1 0 20:34:43 ? 0:00 /usr/local/samba/bin/smbd -D
root 24126 23537 7 10:39:51 ? 0:00 /usr/local/samba/bin/smbd -D
$ ps -ef | grep smbd
root 23537 1 0 20:34:43 ? 0:00 /usr/local/samba/bin/smbd -D
root 24126 23537 46 10:39:51 ? 0:01 /usr/local/samba/bin/smbd -D
$ ps -ef | grep smbd
root 23537 1 0 20:34:43 ? 0:00 /usr/local/samba/bin/smbd -D
root 24126 23537 70 10:39:51 ? 0:03 /usr/local/samba/bin/smbd -D
$ ps -ef | grep smbd
root 23537 1 0 20:34:43 ? 0:00 /usr/local/samba/bin/smbd -D
root 24126 23537 76 10:39:51 ? 0:05 /usr/local/samba/bin/smbd -D
$ ps -ef | grep smbd
root 23537 1 0 20:34:43 ? 0:00 /usr/local/samba/bin/smbd -D
root 24126 23537 40 10:39:51 ? 0:08 /usr/local/samba/bin/smbd -D
$ ps -ef | grep smbd
root 23537 1 30 20:34:43 ? 0:00 /usr/local/samba/bin/smbd -D
$ ps -ef | grep smbd
root 23537 1 0 20:34:43 ? 0:00 /usr/local/samba/bin/smbd -D
Chris -)-----
--
Christopher R. Hertel -)----- University of Minnesota
crh at nts.umn.edu Networking and Telecommunications Services
Ideals are like stars; you will not succeed in touching them
with your hands...you choose them as your guides, and following
them you will reach your destiny. --Carl Schultz
More information about the samba-technical
mailing list