[Bug 293000] Re: hardy: openssh-server oom_adj can lead to denial of service

ksuehring suehring at hhi.de
Wed Mar 3 22:03:31 GMT 2010


OK, I've debugged a bit into the lucid upstart scripts:

First, I can confirm the regression.

The oom_adj patch is still in place, which is the good news. The bad
news is that the problem is now caused by the upstart script
/etc/init/ssh.conf

Apparently the author didn't understand how the oom_adj patch works. The
config file contains the lines:

  #replaces SSHD_OOM_ADJUST in /etc/default/ssh
  oom never

This comment is false!

"oom never" sets the oom_adj value to -17 before the sshd is started.

The sshd patch now saves that value, sets its own oom_adj value to the
one from the environment variable SSHD_OOM_ADJUST (if set) and sets the
oom_adj value of all child processes to the saved value, which is -17 in
this case.

So all children of sshd cannot be killed, which leads to the well-known
denial of service issue.

-- 
hardy: openssh-server oom_adj can lead to denial of service
https://bugs.launchpad.net/bugs/293000
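An added audit script (not from the bug report or the openssh package) that checks for the condition described in the message: it lists every descendant of the sshd listener still carrying oom_adj -17. The sample process table and its pids are constructed for illustration.

```shell
#!/bin/sh
# Added audit script (not from the bug report or the openssh package).
# find_unkillable_descendants SSHD_PID: reads lines "pid ppid comm oom_adj"
# on stdin and prints "pid comm oom_adj" for every descendant of SSHD_PID
# whose oom_adj is -17 (exempt from the OOM killer). Exit status 1 if any.
find_unkillable_descendants() {
  awk -v root="$1" '
    { ppid[$1] = $2; comm[$1] = $3; adj[$1] = $4 }
    END {
      found = 0
      for (p in ppid) {
        # walk the parent chain until we reach root, pid 1, or an unknown pid
        q = ppid[p]
        while (q != root && q > 1 && (q in ppid)) q = ppid[q]
        if (q == root && adj[p] <= -17) {
          printf "%s %s %s\n", p, comm[p], adj[p]
          found = 1
        }
      }
      exit found
    }'
}
# collect_proc_table: build that table from a live /proc. On kernels newer
# than 2.6.36 read oom_score_adj (range -1000..1000, -1000 = never) instead.
collect_proc_table() {
  for d in /proc/[0-9]*; do
    [ -r "$d/stat" ] && [ -r "$d/oom_adj" ] || continue
    line=$(cat "$d/stat")               # "pid (comm) state ppid ..."
    comm=${line#*\(}; comm=${comm%\)*}  # comm may contain spaces: squash them
    rest=${line##*\) }                  # "state ppid ..."
    set -- $rest
    printf '%s %s %s %s\n' "${d#/proc/}" "$2" \
      "$(printf %s "$comm" | tr ' ' _)" "$(cat "$d/oom_adj")"
  done
}
# audit_sample: constructed table (illustrative pids) reproducing the report:
# upstart ran sshd under "oom never", so the listener (1000) and every
# session it forked inherit -17. Offenders are printed sorted by pid.
audit_sample() {
  find_unkillable_descendants 1000 <<'EOF' | sort -n
1 0 init 0
1000 1 sshd -17
1001 1000 sshd -17
1002 1000 sshd -17
1003 1001 bash -17
2000 1 cron 0
EOF
}
```

On a live Ubuntu host, run `collect_proc_table | find_unkillable_descendants "$(cat /var/run/sshd.pid)"`; a fixed setup prints nothing, because sshd resets its children to the saved (non -17) value.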