https://bugzilla.novell.com/show_bug.cgi?id=670431
https://bugzilla.novell.com/show_bug.cgi?id=670431#c0
Summary: DoS in Winbind and smbd with many file descriptors open
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: All
OS/Version: openSUSE 11.3
Status: NEW
Severity: Major
Priority: P5 - None
Component: Samba
AssignedTo: security-team@suse.de
ReportedBy: lmuelle@novell.com
QAContact: samba-maintainers@SuSE.de
CC: security-team@suse.de, samba@suse.de
Found By: Community User
Blocker: No
From: Volker Lendecke
In a real customer situation I've seen winbind going
berserk. It did a 100% CPU loop between select and read.
Customer opened a case with RH because we believed the
kernel was wrong, but it turned out that winbind had
socket 1050 open.
How to reproduce this? Start winbind, wbinfo -t, unplug the
network cable (or the DC's one) and fire 2000 wbinfo -t
processes. No, the winbind client limit does not protect us,
this only kicks in for idle clients. We never kill clients
that have requests open.
While not having finished the conversion to epoll in S3 I
think we need to switch to the inefficient poll. It's a lot
less intrusive than I thought. The attached patch (I've only
mildly tested winbind, no smbd yet) converts winbind and
smbd to use poll. I would guess poll is pretty portable, at
least it's defined in my version of susv3.
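Added example, not part of the original report or of the Samba patch it mentions: a descriptor numbered at or above FD_SETSIZE (1024 with glibc) cannot be placed in a select() fd_set, while poll() waits on it without any such limit. All function names here are hypothetical, and the pipe is a constructed stand-in for the socket 1050 described in the report.

```c
#include <fcntl.h>
#include <poll.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select() only tracks descriptors in [0, FD_SETSIZE); FD_SET() on a
 * larger number writes outside the fd_set, which is undefined behaviour. */
int fd_fits_select(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* poll() takes the descriptor by value, so its number is unbounded.
 * Returns 1 if readable (or hung up), 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r = poll(&p, 1, timeout_ms);
    if (r <= 0) return r;
    return (p.revents & (POLLIN | POLLHUP)) ? 1 : -1;
}

/* Duplicate fd onto a number >= FD_SETSIZE, raising the soft
 * RLIMIT_NOFILE if needed. Returns the new fd, or -1 if not allowed. */
int dup_above_select_limit(int fd) {
    struct rlimit rl;
    rlim_t want = (rlim_t)FD_SETSIZE + 64;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (rl.rlim_cur < want) {
        if (rl.rlim_max < want) return -1;
        rl.rlim_cur = want;
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    }
    return fcntl(fd, F_DUPFD, FD_SETSIZE);
}

/* Constructed scenario: a pipe whose read end sits above FD_SETSIZE,
 * like the socket 1050 in the report. Returns wait_readable()'s result,
 * or -2 if the environment refused to hand out such a descriptor. */
int demo_high_fd(void) {
    int pfd[2], hi, r;
    if (pipe(pfd) != 0) return -2;
    hi = dup_above_select_limit(pfd[0]);
    if (hi < 0) { close(pfd[0]); close(pfd[1]); return -2; }
    r = (write(pfd[1], "x", 1) == 1 && !fd_fits_select(hi))
            ? wait_readable(hi, 1000) : -1;
    close(hi); close(pfd[0]); close(pfd[1]);
    return r;
}

int main(void) { return demo_high_fd() == 1 ? 0 : 1; }
```

A daemon that must stay on select() can use a check like fd_fits_select() to refuse or close new connections whose descriptor is out of range instead of passing them to FD_SET().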