Re: Denial of service attack via libpager

[Richard Braun]

On Sun, Aug 28, 2016 at 12:20:14PM -1000, Brent W. Baccala wrote:
> So, there's several problems here:
> 
> 1. libpager can't handle multiple clients
> 2. the kernel can't recover from a failed attempt to get a file's memory
> object
> 3. ext2fs can't cleanly shutdown in this case
> 
> I'm continuing to lobby for a multi-client libpager!  I can see that it's
> going to raise a lot of locking and concurrency issues, but this program
> demonstrates that we've already got problems with the current scheme.  Even
> a simple multi-client libpager should allow shared read-only access, which
> would prevent an unprivileged user from mounting this attack.  Root, with
> write access to the files in /bin, could still do it, though.

I'm really not seeing the relation between "multiple clients" and
"multiple threads". Libpager must be able to handle multiple clients
with a single thread, otherwise we don't control scalability and we're
back to where we were before Justus' rework...

And again, I think it's much easier and much more helpful to change
exec and others to _avoid_ mmap, and copy the data in instead,
possibly (and in this case probably) with zero-copy.

Finally, I fail to see how making libpager handle multiple clients
will solve that issue. The only client should be the local kernel,
right ?

-- 
Richard Braun