Red Hat Bugzilla – Bug 296501
Broken Somalia DNS servers break amd!
Last modified: 2012-06-20 09:27:32 EDT
On a bunch of machines at the same time, amd started hanging. I traced the problem to a . in someone's LD_LIBRARY_PATH, they would run ps while in /net, and attempting to look up /net/libproc-3.2.7.so would break amd. It takes a very long time for DNS lookups in .so to (fail to) resolve today, I assume this is what triggered the bug. Although I fixed the . in the LD_LIBRARY_PATH, anyone can break amd in the future by just accessing /net/anything.so. (or any other slow-to-fail DNS record) Look how slow DNS is to fail for .so: # time ping -c1 libproc-3.2.7.so ping: unknown host libproc-3.2.7.so real 0m19.891s user 0m0.000s sys 0m0.004s
Easy way to reproduce - in one session: while :; do date; df -k >& /dev/null; sleep 1; done In another: while :; do ls -l /net/bogus-$RANDOM.so; done I verified it still happens with am-utils 6.1.5 This is actually a security issue, as it is a trivial denial-of-service that can be performed by any user.
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. Please See https://access.redhat.com/support/policy/updates/errata/ If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.