Re: [Ganglia-developers] patches for: [Sec] Gmetad server BoF and network overload + [Feature] multiple requests per conn on interactive port

Sun, 18 Jan 2009 05:09:34 -0800 

On Tue, Jan 13, 2009 at 11:41:19PM +0800, Spike Spiegel wrote:
> 
> === DoS attacks
> 1) Given REQUESTLEN=2048, and 3 characters to be the minimum to craft a valid
> and nonexistent path "/x", with the above feature implemented it would be
> possible to trigger 2048/3 calls to process_path which would possibly lead to
> CPU overload.

this is not handled by any of the provided patches but since processing
is aborted as soon as the path is considered invalid the depth of the
path is not relevant for CPU or bandwith utilization

> 2) extension to 1) - as it is ganglia returns the entire tree if an element is
> not found. with large trees 2048/3 requests could easily result in several GBs
> of data being transferred. Related to this if you look at gmetad/server.c 
> lines
> 601:606 you'll see this:
>                      err_msg("Got a malformed path request from %s", 
> remote_ip);
>                      /* Send them the entire tree to discourage attacks. */
>                      strcpy(request, "/");
> which leads to the same scenario as above.

the amount of data returned is not dependent on the depth of the path
because it will always be the full XML tree (once).

> What I propose is that for both cases, malformed request and non existent
> items, we log an error and bail out. This would solve 2) and most of 1) making
> the call possibly exist far quicker.

the proposed solution will result in a truncated XML which then will fail to
be parsed in the client and in an obscure error like "unable to write
XML tree info".

agree that returning the whole tree isn't the best way to signal a
syntax error, but returning a truncated XML will be more difficult to
handle in the client side as depending on the implementation used it
will fail to even load with an exception.

because the connection to the client is getting severed when it is
malformed it will also show strange errors like "unable to write root
preamble (DTD, etc)" or "Connection reset by peer" in the client.

Carlo

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers

Reply via email to