The mmv shmem TOC data structures contain offsets/pointers to other
places within the shmem for strings and other data structures. If
these offsets/pointers are not as expected, the pmda mmv could be
tricked into reading unintended regions of its own memory. (If the
pmda were used in DSO mode, it could be used to pull out private
memory from the PMCD!)

The pmda mmv should defend itself from such trickery by checking
all shmem-originated pointer/offset data to ensure that only
internal references are processed. While the mmv(5) structure
appears to lack linked-list-type structures that could be vulnerable
to DoS (by tricking the pmda into looping infinitely), many other
values like table size counts need to be sanity-checked.

Considering that unprivileged processes may deposit mmv shmem
objects under /var/lib/pcp/tmp, we should consider fuzz-testing
the pmda to the same standard as we test the network servers'
tolerance to bad packets.
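
A sketch of the kind of check described above, added here as an illustration and not taken from the PCP sources: every offset and count read from the mapping is confirmed to stay inside the mapping before it is used. The `ex_header`/`ex_toc` layout, `EX_MAX_TOCS` and the function names are hypothetical simplifications, not the real mmv(5) definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified layout for illustration; not the real mmv(5) structs. */
struct ex_header { uint32_t magic; uint32_t ntocs; };
struct ex_toc    { uint32_t type; uint32_t count; uint64_t offset; };

#define EX_MAX_TOCS 16u   /* assumed upper bound on table-of-contents entries */

/* Return 1 if count elements of elem_size at offset lie wholly inside the
 * mapping [0, map_len) and past the first min_off bytes, without overflow. */
static int range_ok(size_t map_len, size_t min_off, uint64_t offset,
                    uint32_t count, size_t elem_size)
{
    if (offset < min_off || offset > map_len)
        return 0;
    uint64_t room = map_len - offset;          /* bytes left after offset */
    return elem_size != 0 && count <= room / elem_size;
}

/* Return 1 if a NUL terminator exists between offset and the end of the map. */
static int string_ok(const unsigned char *map, size_t map_len, uint64_t offset)
{
    if (offset >= map_len)
        return 0;
    return memchr(map + offset, '\0', map_len - (size_t)offset) != NULL;
}

/* Validate the header and every TOC entry before anything is dereferenced.
 * Run this on a private copy: a writer can change a live mapping afterwards. */
static int validate_map(const unsigned char *map, size_t map_len, size_t elem_size)
{
    struct ex_header h;
    struct ex_toc t;

    if (map_len < sizeof h)
        return 0;
    memcpy(&h, map, sizeof h);                 /* copy out: no unaligned access */
    if (h.ntocs == 0 || h.ntocs > EX_MAX_TOCS ||
        !range_ok(map_len, sizeof h, sizeof h, h.ntocs, sizeof t))
        return 0;
    size_t data_start = sizeof h + (size_t)h.ntocs * sizeof t;
    for (uint32_t i = 0; i < h.ntocs; i++) {
        memcpy(&t, map + sizeof h + (size_t)i * sizeof t, sizeof t);
        if (!range_ok(map_len, data_start, t.offset, t.count, elem_size))
            return 0;
    }
    return 1;
}
```

The same bounds helpers are a natural target for a fuzz harness that feeds arbitrary byte buffers to `validate_map`.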