From c0d1b5a004b9949bb455b7dbe17b335b7cab9ead Mon Sep 17 00:00:00 2001 From: "Frank Ch. Eigler" Date: Fri, 12 Feb 2010 10:25:43 -0500 Subject: PR11105 part 2: tighten constraints on stap-server parameters passed to make * util.h, util.cxx (assert_match_regexp): New function. * main.cxx (main): Constrain -R, -r, -a, -D, -S, -q, -B flags. * stap-serverd (listen): Harden stap-server-connect with ulimit/loop. * testsuite/systemtap.server/{client,server}_args.exp: Revised. --- stap-serverd | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'stap-serverd') diff --git a/stap-serverd b/stap-serverd index eda9711e..5820286f 100755 --- a/stap-serverd +++ b/stap-serverd @@ -360,11 +360,19 @@ function advertise_presence { function listen { # The stap-server-connect program will listen forever # accepting requests. - ${stap_pkglibexecdir}stap-server-connect \ - -p $port -n $nss_cert -d $ssl_db -w $nss_pw \ - -s "$stap_options" \ - >> $logfile 2>&1 & - wait '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 + # CVE-2009-4273 ... or at least, until resource limits fire + while true; do # NB: loop to avoid DoS by deliberate rlimit-induced halt + # NB: impose resource limits in case of mischevious data inducing + # too much / long computation + (ulimit -f 50000 -s 1000 -t 60 -u 20 -v 500000; + exec ${stap_pkglibexecdir}stap-server-connect \ + -p $port -n $nss_cert -d $ssl_db -w $nss_pw \ + -s "$stap_options") & + stap_server_connect_pid=$! + wait + # NB: avoid superfast spinning in case of a ulimit or other failure + sleep 1 + done >> $logfile 2>&1 } # function: warning [ MESSAGE ] @@ -396,8 +404,8 @@ function terminate { wait '%avahi-publish-service' >> $logfile 2>&1 # Kill any running 'stap-server-connect' job. - kill -s SIGTERM '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 - wait '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 + kill -s SIGTERM $stap_server_connect_pid >> $logfile 2>&1 + wait $stap_server_connect_pid >> $logfile 2>&1 exit } -- cgit