Mailinglist Archive: opensuse-bugs (5927 mails)

[Bug 670431] New: DoS in Winbind and smbd with many file descriptors open
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 8 Feb 2011 21:30:35 +0000
  • Message-id: <bug-670431-21960@http.bugzilla.novell.com/>

https://bugzilla.novell.com/show_bug.cgi?id=670431

https://bugzilla.novell.com/show_bug.cgi?id=670431#c0


Summary: DoS in Winbind and smbd with many file descriptors open
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: All
OS/Version: openSUSE 11.3
Status: NEW
Severity: Major
Priority: P5 - None
Component: Samba
AssignedTo: security-team@xxxxxxx
ReportedBy: lmuelle@xxxxxxxxxx
QAContact: samba-maintainers@xxxxxxx
CC: security-team@xxxxxxx, samba@xxxxxxx
Found By: Community User
Blocker: No


From: Volker Lendecke <Volker.Lendecke@xxxxxxxxx>

In a real customer situation I've seen winbind going
berserk. It did a 100% CPU loop between select and read.
Customer opened a case with RH because we believed the
kernel was wrong, but it turned out that winbind had
socket 1050 open.

How to reproduce this? Start winbind, wbinfo -t, unplug the
network cable (or the DC's one) and fire 2000 wbinfo -t
processes. No, the winbind client limit does not protect us,
this only kicks in for idle clients. We never kill clients
that have requests open.

While not having finished the conversion to epoll in S3 I
think we need to switch to the inefficient poll. It's a lot
less intrusive than I thought. The attached patch (I've only
mildly tested winbind, no smbd yet) converts winbind and
smbd to use poll. I would guess poll is pretty portable, at
least it's defined in my version of susv3.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
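
The descriptor-number ceiling behind this report, and the poll()-based wait that avoids it, as an added C example (not part of the bug report or the attached Samba patch). The function names and the dup_at_least helper are hypothetical; the descriptor number 1050 is the one from the report.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select() only tracks descriptors below FD_SETSIZE (commonly 1024);
 * FD_SET() on a larger number writes outside the fd_set. */
int fd_fits_select(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* Wait for readability with poll(), which takes the fd as a value and has
 * no FD_SETSIZE ceiling. Returns 1 = readable or hangup/error (the caller's
 * read() will report it), 0 = timeout, -1 = poll() failed or fd invalid. */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int rc;
    do {
        rc = poll(&p, 1, timeout_ms);
    } while (rc < 0 && errno == EINTR);
    if (rc <= 0) return rc;
    return (p.revents & (POLLIN | POLLHUP | POLLERR)) ? 1 : -1;
}

/* Hypothetical helper: duplicate fd onto a number >= min_fd, raising the
 * soft RLIMIT_NOFILE if needed. Returns -1 if the hard limit forbids it. */
int dup_at_least(int fd, int min_fd)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur <= (rlim_t)min_fd) {
        rlim_t want = (rlim_t)min_fd + 16;
        rl.rlim_cur = want < rl.rlim_max ? want : rl.rlim_max;
        setrlimit(RLIMIT_NOFILE, &rl);
    }
    return fcntl(fd, F_DUPFD, min_fd);
}

int main(void)
{
    int pfd[2];
    if (pipe(pfd) != 0) return 1;
    int hi = dup_at_least(pfd[0], 1050);   /* constructed: same number as the report */
    if (hi < 0) { puts("fd limit too low for this demo"); return 0; }
    if (write(pfd[1], "x", 1) != 1) return 1;
    printf("fd %d: fits select=%d, poll readable=%d\n",
           hi, fd_fits_select(hi), wait_readable(hi, 100));
    return 0;
}
```

Code that must keep using select() can call a check like fd_fits_select() on every accepted descriptor and close those that do not fit, instead of passing them to FD_SET().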
