pcp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bug 1061] New: mmv pmda sensitive to TOCTOU for shmem metadata extracti

from [bugzilla-daemon] [Permanent Link][Original]
To: pcp@xxxxxxxxxxx
Subject: [Bug 1061] New: mmv pmda sensitive to TOCTOU for shmem metadata extraction
From: bugzilla-daemon@xxxxxxxxxxx
Date: Sun, 27 Jul 2014 17:35:00 +0000
Auto-submitted: auto-generated
Delivered-to: pcp@xxxxxxxxxxx
Bug ID 1061
Summary mmv pmda sensitive to TOCTOU for shmem metadata extraction
Product pcp
Version unspecified
Hardware All
OS Linux
Status NEW
Severity major
Priority P5
Component pcp
Assignee pcp@kenj.com.au
Reporter fche@redhat.com
CC pcp@oss.sgi.com
Classification Unclassified 

It appears possible for an libmmv-based application to issue mmv_stats_init(3)
calls close enough to confuse the mmv pmda.  That's because the mmv pmda only
checks the shmem g1/g2 generation numbers once, and assumes that during the 
whole need_reload==1 processing, the shmem contents will be stable.

An adequate workaround could be to have the mmv pmda copy the shmem segment
into a private copy (possibly looping if the libmmv app keeps changing
things -- but watch out for DoS!), then using the stable private copy to
populate the PMNS etc., and to compute persistent pointers to the shmem
pmAtoms.

You are receiving this mail because:
  • You are on the CC list for the bug.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Bug 1061] New: mmv pmda sensitive to TOCTOU for shmem metadata extraction, bugzilla-daemon <=
Previous by Date:  Re: systemtap/pcp integration, Frank Ch. Eigler
Next by Date:  [Bug 1062] New: mmv pmda sensitive to malevolent data, bugzilla-daemon
Previous by Thread:  Floating point problem, Martin Spier
Next by Thread:  [Bug 1062] New: mmv pmda sensitive to malevolent data, bugzilla-daemon
Indexes:  [Date] [Thread] [Top] [All Lists]