
[linux-security] Re: IPMASQ and lock-up of all terminals

On Mon, Feb 28, 2000 at 03:25:43PM -0500, Joshua M. Thompson wrote:
> I have seen very similar behavior before on one of my RH6.0 boxes. It
> occurred when syslog froze, causing any programs that try to use the
> logging facilities to block. If you have an active shell connection to the
> box when it happens you can kill syslogd and it will unlock. Otherwise the
> hard reboot is the only way out.

I've seen this happen on an RH61 system where the machine was running BIND, and
using itself as its preferred resolv host while running syslogd in network
mode (-r option).

Named has a syslogable event while syslogd receives a network syslog message
from another machine, and they deadlock: named blocks writing to the syslog pipe
and syslog blocks on an IP resolv.

Pam (used by login) logs all sorts of things to syslog, which is now hung,
and you see where this goes.

If you have a secondary choice in /etc/resolve, after a few seconds of
syslogd failing to resolve, it succeeds with the lookup. However, if your
machine does lots of things, generating lots of syslog messages, you can
easily be consumed by this race.

[mod: Meriwether however reports that HIS machine doesn't have itself
in resolv.conf, so there must be another way to "deadlock" the machine
-- REW]

Ted Deppner
ted psyber com
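
The circular wait described in the message above, as a simplified Python model (an added example, not code from the post, syslogd or BIND). The buffer size, event count, timeout and addresses are assumed values, and the single-resolver case is treated as never completing, following the post.

```python
import queue
import threading

def simulate(secondary_resolver, pipe_slots=2, named_events=3, dns_timeout=0.3):
    """Model one remote syslog message arriving while named has events to log.

    Returns (outcome, drained): outcome is 'ok', 'recovered' or 'deadlock';
    drained is how many named messages syslogd eventually read.
    """
    log_pipe = queue.Queue(maxsize=pipe_slots)  # finite buffer in front of syslogd
    dns_query = queue.Queue()
    dns_answer = queue.Queue()

    def named():
        dns_query.get()                         # reverse lookup sent by syslogd
        for i in range(named_events):           # named logs before it answers
            log_pipe.put(f"named: event {i}")   # blocks once the buffer is full
        dns_answer.put("client.example")

    threading.Thread(target=named, daemon=True).start()

    # syslogd -r: a network message arrived; resolve the sender first.
    dns_query.put("192.0.2.10")                 # constructed sender address
    try:
        dns_answer.get(timeout=dns_timeout)     # syslogd is not reading log_pipe here
        outcome = "ok"
    except queue.Empty:
        if not secondary_resolver:
            return ("deadlock", 0)              # each side waits on the other
        outcome = "recovered"                   # assumed: second nameserver answered

    drained = 0                                 # lookup done: syslogd reads again
    while drained < named_events:
        log_pipe.get(timeout=1.0)               # unblocks named's pending put()
        drained += 1
    return (outcome, drained)

if __name__ == "__main__":
    print(simulate(secondary_resolver=False))
    print(simulate(secondary_resolver=True))
    print(simulate(secondary_resolver=True, named_events=1))
```
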
