[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Eric Desrochers
eric.desrochers at canonical.com
Mon Aug 24 14:16:25 UTC 2015
I was able to reproduce the problem on PRECISE (12.04) by lowering the
kernel parameter value "net.core.rmem_max".
And then test my .deb build on my PPA[1] with the following upstream
commits :
- d6df9d3 [Bug 2224] Use-after-free in routing socket code after dropping root.
- db47bd4 [Bug 2890] Ignore ENOBUFS on routing netlink socket.
What the patch does ?
===
The program first "read" from the fd. On success, the number of bytes written into buf is
returned. On error, the call returns −1 and sets errno
If the call returns -1, then there is a verification to validate if the
errno == ENOBUFS
and then send to syslog the following message : "routing socket reports:
No buffer space available"
Otherwise, if errno is NOT ENOBUFS, then it close the socket
(remove_asyncio_reader(reader);) and free the memory space
(delete_asyncio_reader(reader);)
And send to syslog the following message : i/o error on routing socket
No buffer space available - disabling
Before this patch, no matter what was the errno, it was automatically
close() and free() without validation if ENOBUFS or not.
To summarize, the patch allow the program to not close() and free() the socket when the a errno == ENOBUFS occur, but still send a message in syslog to notify the administrator.
===
If after installing the patch, you are receiving this kind of message in
/var/log/syslog : "routing socket reports: No buffer space available"
The next step, would be to increase the "net.core.rmem_max" and
"net.core.wmem_max"values equally until the "routing socket reports: No
buffer space available" message no longer showed up.
[1] 1:4.2.6.p3+dfsg-1ubuntu3.4+20150820lp1481388~2
https://launchpad.net/~eric-desrochers-z/+archive/ubuntu/lp1481388
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after dropping root
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions
More information about the Ubuntu-server-bugs
mailing list