This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests

On Friday 25 October 2013 00:41:44 Siddhesh Poyarekar wrote:
> On Thu, Oct 24, 2013 at 05:51:35PM -0400, Frank Ch. Eigler wrote:
> > But the CVE's were issued precisely because sometimes attackers have
> > control of a DNS zone.  But the DoS worry (that the act of attempting
> > to allocate excessive memory harms the system) seems quite remote in
> > this case.
> Right, thanks for pointing that out.

for other APIs (like regex), iiuc, our position has been that any sane service 
which may be accessed remotely is supposed to be using sane ulimit/etc... to 
limit resource over taxing.  otherwise, you run into things like:
	- ftp server allows regex w/ls commands
	- ftp server uses C library's regex API
	- resource exhaustion due to use of pathological regex (back references 
and lots of sub groups and such)

should we codify that position somewhere ?

Attachment: signature.asc
Description: This is a digitally signed message part.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]