| To: | Ken McDonell <kenj@xxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: pcp updates - yippee secure socket connections work |
| From: | fche@xxxxxxxxxx (Frank Ch. Eigler) |
| Date: | Thu, 18 Apr 2013 20:15:08 -0400 |
| Cc: | pcp@xxxxxxxxxxx |
| Delivered-to: | pcp@xxxxxxxxxxx |
| In-reply-to: | <516F8AB8.6000807@xxxxxxxxxxxxxxxx> (Ken McDonell's message of "Thu, 18 Apr 2013 15:55:04 +1000") |
| References: | <516F8AB8.6000807@xxxxxxxxxxxxxxxx> |
| User-agent: | Gnus/5.1008 (Gnus v5.10.8) Emacs/21.4 (gnu/linux) |
Ken McDonell <kenj@xxxxxxxxxxxxxxxx> writes: > [...] Since this is ONLY at the core of EVERYTHING in PCP, it would > be a good idea to have as may knowing eyes look at this particular > change as possible and be ruthless in your reviewing. It looks like it should cure the problem ... but ... now it puts a blocking loop into the core pduread() function, which is not supposed to block. So it makes it possible for a remote attacker to open a connection, send just one byte down the pipe, and DoS the pmcd. Instead, how about inlining pduread() within __pmGetPDU(), where the packet timeout may be observed during the incremental assembly of the header *and* the payload. (Also, the new code shouldn't ever use read(2) on the fd, but only __pmRecv, methinks.) - FChE |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: PCP Developers Meetup notes - 17/4/2013 - 08:00-10:30 (+1000), Frank Ch. Eigler |
|---|---|
| Next by Date: | Re: [pcp] pcp updates - yippee secure socket connections work, Nathan Scott |
| Previous by Thread: | Re: [pcp] pcp updates - yippee secure socket connections work, Nathan Scott |
| Next by Thread: | Re: pcp updates - yippee secure socket connections work, Ken McDonell |
| Indexes: | [Date] [Thread] [Top] [All Lists] |