On 04 Jan 99 17:41:22 +0100, Rask Ingemann Lambertsen wrote:
> However, the interesting thing here is not the DoS itself, but the problem
>that you don't know who to point the gun at afterwards.
Why not:
1. write message tai.pid.N
1a. close message handle
2. write addresses, etc.
3. Move tai.pid.N to tai.pid
4. link addresses to todo.
5. close addresses.
6. Have qmail-clean also remove any message files "tai.pid.N" where
"pid" is a pid not used by a currently running [qmail-queue] process.
[I don't know how expensive this piece of info is, but it would be
rare, since it would normally only be files for currently running
qmail-queue. It can be made even rarer by placing a restriction on "tai"
to say > 5 min old.]
Now as long as qmail-clean is run more frequently than it takes to
snarf all inodes (and does this faster than the snarfing program), it
should work. Any qmail-queue attack needs to fork qmail-queue once per
inode stolen, whereas qmail-clean runs until done, so qmail-clean
should remove files faster than they are created.
In the normal case, qmail-clean would do the extra work of looking up
the pid once per currently running qmail-queue process (the number of
expected tai.pid.N files).
qmail-clean could also go through mess files and do the "pid" check for
any mess files for which there does not exist a todo, local, remote, or
bounce file. This way, the "N" could be eliminated, but this seems
unacceptably expensive in the normal case, since it involves 4 lookups
for each message in the queue.
Hope this makes some sense ...
-Sincerely, Fred
(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)
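
The staleness test from step 6 above, sketched as an added example; it is not code from this message or from qmail. The names `is_stale_tmp`, `pid_in_use`, `field` and `MIN_AGE_SECS` are hypothetical, and it assumes "tai" is a decimal timestamp in seconds and that any live process with that pid (not only a qmail-queue) counts as running.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

#define MIN_AGE_SECS 300 /* the "> 5 min old" restriction; value assumed */

/* Parse one all-digit field that must be followed by `stop`; -1 on error. */
static long field(const char **p, char stop)
{
    char *end;
    if (**p < '0' || **p > '9') return -1;   /* no sign, no whitespace */
    errno = 0;
    long v = strtol(*p, &end, 10);
    if (errno || *end != stop) return -1;    /* overflow or wrong separator */
    *p = stop ? end + 1 : end;
    return v;
}

/* EPERM means the process exists but belongs to another user: still in use. */
static int pid_in_use(pid_t pid)
{
    return kill(pid, 0) == 0 || errno == EPERM;
}

/* 1 = abandoned "tai.pid.N" file that may be removed, 0 = keep it. */
int is_stale_tmp(const char *name, time_t now)
{
    const char *p = name;
    long tai, pid;
    if ((tai = field(&p, '.')) < 0) return 0;
    /* pid <= 0 would make kill() address process groups, so reject it. */
    if ((pid = field(&p, '.')) <= 0 || pid > INT_MAX) return 0;
    if (field(&p, '\0') < 0) return 0;  /* a finished "tai.pid" fails earlier */
    if ((long)now - tai <= MIN_AGE_SECS) return 0;   /* too young to judge */
    return !pid_in_use((pid_t)pid);
}

int main(void)
{
    char name[64];   /* constructed sample: 10 minutes old, our own pid */
    snprintf(name, sizeof name, "%ld.%ld.1", (long)time(NULL) - 600, (long)getpid());
    printf("%s -> %d\n", name, is_stale_tmp(name, time(NULL)));
    return 0;
}
```

Because any live process counts, a recycled pid only delays removal of an abandoned file; it never causes the file of a running qmail-queue to be removed.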