Red Hat Bugzilla – Bug 296501
Broken Somalia DNS servers break amd!
Last modified: 2012-06-20 09:27:32 EDT
On a bunch of machines at the same time, amd started hanging.
I traced the problem to a . in someone's LD_LIBRARY_PATH, they would run ps
while in /net, and attempting to look up /net/libproc-3.2.7.so would break amd.
It takes a very long time for DNS lookups in .so to (fail to) resolve today, I
assume this is what triggered the bug.
Although I fixed the . in the LD_LIBRARY_PATH, anyone can break amd in the
future by just accessing /net/anything.so. (or any other slow-to-fail DNS record)
Look how slow DNS is to fail for .so:
# time ping -c1 libproc-3.2.7.so
ping: unknown host libproc-3.2.7.so
Easy way to reproduce - in one session:
while :; do date; df -k >& /dev/null; sleep 1; done
while :; do ls -l /net/bogus-$RANDOM.so; done
I verified it still happens with am-utils 6.1.5
This is actually a security issue, as it is a trivial denial-of-service that can
be performed by any user.
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life.
Please See https://access.redhat.com/support/policy/updates/errata/
If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.