
Re: [Libvir] [patch 9/9] Implement better error reporting [repost]




--- Begin Message ---
Mark McLoughlin wrote:
	Doesn't accept() fail if the client fails to send the final ACK? Do we
want the daemon to die in that case? Think of an unprivileged user
connecting to the system daemon's readonly socket ... you really want to
be paranoid about the daemon exiting as it creates the opportunity for
unprivileged users to take down guests and networks.

	i.e. I'm not sure whether it would be actually possible to exploit it
in this way, but I'd tend to be pretty paranoid about any exit point
from the daemon.

On a similar topic, does anyone know if gnutls_handshake can be DoS'd by a client running arbitrarily slowly? At the moment if someone (even an untrusted host) makes a TCP connection to libvirtd but then doesn't do anything very much then no one else can connect for the duration. I can partly get around this by checking the IP address of the peer much earlier on (after accept() but before any GnuTLS start-up), but that only solves the problem if we're doing very crude IP-level checks, not user-level certificates from a single IP.

Rich.

--- End Message ---
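
The two concerns raised in this thread, a failed accept() ending the daemon and a slow handshake holding up other clients, as an added example that is not part of the original message or of libvirt's code. It assumes a non-blocking event loop; every type and function name in it is hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <time.h>

enum accept_action { ACCEPT_RETRY, ACCEPT_BACKOFF, ACCEPT_CLOSE_LISTENER };

/* What the listener should do when accept() returns -1 with errno == err.
 * No outcome calls exit(): a peer must not be able to stop the daemon. */
enum accept_action classify_accept_error(int err)
{
    switch (err) {
    case EINTR:          /* interrupted by a signal */
    case EAGAIN:         /* non-blocking listener, nothing pending */
    case ECONNABORTED:   /* peer gave up before the connection was accepted */
    case EPROTO:         /* network errors already pending on the new socket */
    case ENETDOWN:
    case ENETUNREACH:
    case EHOSTUNREACH:
        return ACCEPT_RETRY;
    case EMFILE:         /* resource exhaustion: pause accepting, keep serving */
    case ENFILE:
    case ENOBUFS:
    case ENOMEM:
        return ACCEPT_BACKOFF;
    default:             /* EBADF, EINVAL, ENOTSOCK: the listener is unusable */
        return ACCEPT_CLOSE_LISTENER;
    }
}

/* Hypothetical per-connection record kept by the event loop. */
enum client_state { CLIENT_HANDSHAKING, CLIENT_READY, CLIENT_DROPPED };
struct client {
    enum client_state state;
    time_t accepted_at;  /* set when accept() returned the socket */
};

/* Mark every client whose handshake has run longer than limit_secs as
 * dropped. Returns how many were dropped; the caller closes their sockets. */
size_t expire_slow_handshakes(struct client *c, size_t n, time_t now, int limit_secs)
{
    size_t dropped = 0;
    for (size_t i = 0; i < n; i++) {
        if (c[i].state == CLIENT_HANDSHAKING && now - c[i].accepted_at > limit_secs) {
            c[i].state = CLIENT_DROPPED;
            dropped++;
        }
    }
    return dropped;
}
```

The expiry sweep only helps if the handshake is driven in non-blocking steps from the same loop, so that one stalled client never occupies the thread that accepts new connections.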
