Re: Anonymous Qmail Denial of Service
Trev (trev KICS.BC.CA)
Mon, 4 Jan 1999 01:36:31 -0800
- Next message: Trev: "Dosemu/S-Lang Overflow + sploit"
- Previous message: Illuminatus Primus: "Re: Anonymous Qmail Denial of Service"
- In reply to: Wietse Venema: "Anonymous Qmail Denial of Service"
- Next in thread: Nick Andrew: "Re: Anonymous Qmail Denial of Service"
At 12:04 AM 1/4/99 -0500, Wietse Venema wrote:

<--big snip-->

>What happens when the qmail-queue process is signaled with, say,
>SIGKILL? The file will stay in the queue. That's a zero-length
>file, owned by qmail, without any user identification whatsoever.

<--snip-->

>When this sequence is executed a sufficient number of times, the
>queue file system runs out of available resources. No-one can send
>mail. No-one can receive mail. And no-one can be held responsible.

<--snip again-->

Pardon my comments here, I am no qmail expert (I don't even run the thing), but surely you could get around this by applying a small patch to qmail-queue to look for such zero-length files and remove any that are found (i.e. one of the first things it does). If the task of searching the directory upon each invocation seems too much, have it save a reference marker to another temp file that qmail-queue could then remove when it exits successfully.

Wouldn't that prevent that particular DoS?

Trev
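
The zero-length-file sweep proposed in the message above, as an added example in Python; it is not part of the original post and is not qmail code. The minimum-age threshold is an assumption added here, because a file that a running writer has only just created is also zero-length; the function names, the one-hour default and the sample directory are hypothetical.

```python
import os
import stat
import tempfile
import time

def find_stale_empty(queue_dir, min_age=3600, now=None):
    """Return sorted paths of zero-length regular files older than min_age seconds."""
    now = time.time() if now is None else now
    stale = []
    for root, _dirs, files in os.walk(queue_dir):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except FileNotFoundError:
                continue  # removed by someone else while we were scanning
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, FIFOs, devices
            # Age check (assumption): a young empty file may belong to a live writer.
            if st.st_size == 0 and now - st.st_mtime >= min_age:
                stale.append(path)
    return sorted(stale)

def sweep(queue_dir, min_age=3600, dry_run=True, now=None):
    """Report (dry_run) or unlink stale empty files; return the paths acted on."""
    acted = []
    for path in find_stale_empty(queue_dir, min_age, now):
        if not dry_run:
            try:
                # Re-check just before unlinking to narrow the scan/delete race.
                if os.lstat(path).st_size != 0:
                    continue
                os.unlink(path)
            except FileNotFoundError:
                continue
        acted.append(path)
    return acted

if __name__ == "__main__":
    # Constructed sample: one abandoned empty file, one fresh empty file.
    d = tempfile.mkdtemp()
    for name, age in (("abandoned", 7200), ("in-progress", 5)):
        p = os.path.join(d, name)
        open(p, "wb").close()
        os.utime(p, (time.time() - age, time.time() - age))
    print(sweep(d, dry_run=True))  # lists only the abandoned file
```

A sweep like this frees the space after the fact; it does not identify who created the files, which is the other half of the problem raised in the quoted text.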