Bug 296501 - Broken Somalia DNS servers break amd!
Broken Somalia DNS servers break amd!
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: am-utils (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Karel Zak
Depends On:
  Show dependency treegraph
Reported: 2007-09-19 12:01 EDT by Chuck Berg
Modified: 2012-06-20 09:27 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-20 09:27:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Chuck Berg 2007-09-19 12:01:27 EDT
On a bunch of machines at the same time, amd started hanging.

I traced the problem to a . in someone's LD_LIBRARY_PATH, they would run ps
while in /net, and attempting to look up /net/libproc-3.2.7.so would break amd.

It takes a very long time for DNS lookups in .so to (fail to) resolve today, I
assume this is what triggered the bug.

Although I fixed the . in the LD_LIBRARY_PATH, anyone can break amd in the
future by just accessing /net/anything.so. (or any other slow-to-fail DNS record)

Look how slow DNS is to fail for .so:

# time ping -c1 libproc-3.2.7.so
ping: unknown host libproc-3.2.7.so

real    0m19.891s
user    0m0.000s
sys     0m0.004s
Comment 1 Chuck Berg 2007-09-19 14:39:35 EDT
Easy way to reproduce - in one session:
while :; do date; df -k >& /dev/null; sleep 1; done

In another:
while :; do ls -l /net/bogus-$RANDOM.so; done

I verified it still happens with am-utils 6.1.5

This is actually a security issue, as it is a trivial denial-of-service that can
be performed by any user.
Comment 2 Jiri Pallich 2012-06-20 09:27:32 EDT
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.

Note You need to log in before you can comment on or make changes to this bug.