Date:      Sat, 14 Sep 2002 08:40:47 -0400 (EDT)
From:      Alan Eldridge <ports@geeksrus.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        jmallet@FreeBSD.org, kris@obsecurity.org
Subject:   bin/42772: usr.bin/make: patch to stop a fork bomb
Message-ID:  <200209141240.g8ECelg9046253@wwweasel.geeksrus.net>

>Number:         42772
>Category:       bin
>Synopsis:       usr.bin/make: patch to stop a fork bomb
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 14 05:50:02 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Alan Eldridge
>Release:        FreeBSD 4.7-PRERELEASE i386
>Organization:
Geeksrus.NET
>Environment:
System: FreeBSD wwweasel.geeksrus.net 4.7-PRERELEASE FreeBSD 4.7-PRERELEASE #0: Sun Sep 8 06:05:58 EDT 2002 root@wwweasel.geeksrus.net:/usr/obj/usr/src/sys/WWWEASEL i386

>Description:

Under certain circumstances, it is possible, by setting certain variables
(does anybody have a list?), to cause a ports make to enter an infinite
loop, eventually fork()ing itself to death, and presenting a denial-of-service attack against the host by preventing other programs from fork()ing.

This patch uses an env var, __MKLVL__, to keep track of the recursion
level and causes a failure when it reaches 500.

>How-To-Repeat:

cd /usr/ports/irc/xchat; make USE_GNOME-gtk12 package

>Fix:

Note: this is just a tourniquet for a severed artery; it prevents the 
most egregious symptom and prevents the box from falling on its side.

However, I'd be grateful if this could be committed to both CURRENT and
STABLE ASAP after the code freeze is lifted. Thanks.

==8<====8<====8<====8<====8<====8<====8<====8<====8<====8<==
diff -ru /usr/src/usr.bin/make/main.c usr.bin/make/main.c
--- /usr/src/usr.bin/make/main.c	Thu Jul 25 03:10:15 2002
+++ usr.bin/make/main.c	Sat Sep 14 08:07:29 2002
@@ -108,6 +108,8 @@
 #include "job.h"
 #include "pathnames.h"
 
+#define WANT_ENV_MKLVL	1
+
 #ifndef	DEFMAXLOCAL
 #define	DEFMAXLOCAL DEFMAXJOBS
 #endif	/* DEFMAXLOCAL */
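
Review bot: `#define WANT_ENV_MKLVL 1` is unconditional in this hunk, so the `#ifdef WANT_ENV_MKLVL` guards added further down can never be false. Either wrap it in `#ifndef WANT_ENV_MKLVL` so the build can override it, or drop the guards. A one-line comment saying what the macro enables would also help.
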
@@ -475,6 +477,12 @@
 	struct stat sb;
 	char *pwd;
 #endif
+#ifdef WANT_ENV_MKLVL
+#define MKLVL_MAXVAL	500
+#define MKLVL_ENVVAR	"__MKLVL__"
+	int iMkLvl = 0;
+	char *szMkLvl = getenv(MKLVL_ENVVAR);
+#endif /* WANT_ENV_MKLVL */
 	char mdpath[MAXPATHLEN + 1];
 	char obpath[MAXPATHLEN + 1];
 	char cdpath[MAXPATHLEN + 1];
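
Review bot: `MKLVL_MAXVAL` and `MKLVL_ENVVAR` are defined in the middle of the function's local declarations; move them to the top of the file beside `WANT_ENV_MKLVL`, with a comment explaining why 500 was chosen as the limit. The `iMkLvl` and `szMkLvl` names use a Hungarian prefix that the neighbouring locals (`sb`, `pwd`, `mdpath`) do not.
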
@@ -485,6 +493,19 @@
 	char *cp = NULL, *start;
 					/* avoid faults on read-only strings */
 	static char syspath[] = _PATH_DEFSYSPATH;
+
+#ifdef WANT_ENV_MKLVL
+	if ((iMkLvl = szMkLvl ? atoi(szMkLvl) : 0) < 0) {
+	  iMkLvl = 0;
+	}
+	if (iMkLvl++ > MKLVL_MAXVAL) {
+	  errc(2, EAGAIN, 
+	       "Max recursion level (%d) exceeded.", MKLVL_MAXVAL);
+	}
+	bzero(szMkLvl = emalloc(32), 32);
+	sprintf(szMkLvl, "%d", iMkLvl);
+	setenv(MKLVL_ENVVAR, szMkLvl, 1);
+#endif /* WANT_ENV_MKLVL */
 
 #ifdef RLIMIT_NOFILE
 	/*
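
Review bot: The check `if (iMkLvl++ > MKLVL_MAXVAL)` compares the inherited value before incrementing and uses `>`, so make only fails once the inherited counter is 501, not when the level reaches 500 as the description says; `if (++iMkLvl > MKLVL_MAXVAL)` would match the stated limit. `atoi()` gives no way to reject a non-numeric or out-of-range `__MKLVL__`, so `strtol()` with an end pointer and a range check is the safer parse. The `emalloc(32)`, `bzero` and `sprintf` sequence can be a local `char buf[32]` filled with `snprintf`, which bounds the write and avoids an allocation that is not freed in this hunk. The two-space indentation inside the braces also differs from the tab indentation of the surrounding lines.
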
==8<====8<====8<====8<====8<====8<====8<====8<====8<====8<==

>Release-Note:
>Audit-Trail:
>Unformatted:
