On Fri 08-07-11 13:58:25, Nikiforov Alex wrote:
>  From 4ff9e938522d1f5980706cbbb09019493ea7425a Mon Sep 17 00:00:00 2001
> From: Alex Nikiforov <a.nikifo...@samsung.com>
> Date: Fri, 8 Jul 2011 13:09:57 +0400
> 
> Move PID check code from the server to the client. We don't need any 
> read()/write() if it's not valid.

What happens if somebody else uses the socket and injects an invalid pid?
Can this be misused - e.g. DoS attack?

AFAICS, if we didn't check the validity we would simply call
cgre_store_unchanged_process and increase internally used storage which
can grow without any bounds. Existence of a pid limits us reasonably.

> 
> Signed-off-by: Alex Nikiforov <a.nikifo...@samsung.com>
> 
> ---
>   src/daemon/cgrulesengd.c |    7 -------
>   src/tools/cgclassify.c   |   11 ++++++++---
>   2 files changed, 8 insertions(+), 10 deletions(-)
> 
[...]
> diff --git a/src/tools/cgclassify.c b/src/tools/cgclassify.c
> index 397b725..029d091 100644
> --- a/src/tools/cgclassify.c
> +++ b/src/tools/cgclassify.c
[...]
> @@ -167,8 +168,12 @@ int main(int argc, char *argv[])
>       }
> 
>       for (i = optind; i < argc; i++) {
> +
>               pid = (uid_t) strtol(argv[i], &endptr, 10);
> -             if (endptr[0] != '\0') {
> +             snprintf(path, FILENAME_MAX, "/proc/%d", pid);

You are doing this string operation even though you get an invalid
argument. I know that error handling gets more complicated but I do not
see any reason to do snprintf if you get a mess.

> +
> +             /* check PID */
> +             if (endptr[0] != '\0' || stat(path, &buff_stat)) {
>                       /* the input argument was not a number */
>                       fprintf(stderr, "Error: %s is not valid pid.\n",
>                               argv[i]);
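
Review bot: At `pid = (uid_t) strtol(argv[i], &endptr, 10);` the result is narrowed before any range check, so on a platform where long is wider than uid_t an argument such as 4294967297 parses cleanly, truncates to 1, and then passes `stat(path, &buff_stat)` as /proc/1, which is a different process from the one named on the command line. Keep the strtol result in a long, reject it when endptr == argv[i], endptr[0] != '\0', errno is ERANGE, or the value is not a positive number that fits in pid_t, and only then cast (to pid_t rather than uid_t) and call snprintf. The comment "the input argument was not a number" is also no longer accurate for this branch, since the branch is now taken when stat() fails as well.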

The check should be done for sure.

> @@ -190,6 +195,6 @@ int main(int argc, char *argv[])
>               if (ret)
>                       exit_code = 1;
>       }
> -     return exit_code;
> 
> +     return exit_code;
>   }

Pointless hunk.

-- 
Michal Hocko
SUSE Labs
SUSE LINUX s.r.o.
Lihovarska 1060/12
190 00 Praha 9    
Czech Republic
