Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S268490AbUILG3g (ORCPT ); Sun, 12 Sep 2004 02:29:36 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S268488AbUILG3g (ORCPT ); Sun, 12 Sep 2004 02:29:36 -0400 Received: from mailgate2.mysql.com ([213.136.52.47]:43214 "EHLO mailgate.mysql.com") by vger.kernel.org with ESMTP id S268490AbUILG3d (ORCPT ); Sun, 12 Sep 2004 02:29:33 -0400 Subject: Re: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service From: Peter Zaitsev To: "David S. Miller" Cc: Wolfpaw - Dale Corse , linux-kernel@vger.kernel.org In-Reply-To: <20040911204710.4aa7abed.davem@davemloft.net> References: <022601c49866$9e8aa8f0$0300a8c0@s> <000001c49872$99333460$0200a8c0@wolf> <20040911204710.4aa7abed.davem@davemloft.net> Content-Type: text/plain Message-Id: <1094970424.29211.489.camel@sphere.site> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Sat, 11 Sep 2004 23:27:05 -0700 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1715 Lines: 50 On Sat, 2004-09-11 at 20:47, David S. Miller wrote: > If the application doesn't close it's file descriptors there is > absolutely nothing the kernel can do about it. > > It's a resource leak, plain and simple. > > > That being said - below is a the proper description, and the code > > used to exploit it. Hope it helps. This version is not the one > > which invokes the CLOSE_WAIT state, but rather the TIME_WAIT one, > > I am not able to publish the source code for the CLOSE_WAIT bug. > > There is nothing wrong with creating tons of TIME_WAIT sockets, > they simply time out after 60 seconds (unless hit by a RESET > packet or similar). This is how TCP works. > Hm, As this question arose may I ask where this timeout is configured ? There is tcp_fin_timeout configuration but I found nothing corresponding to TIME_WAIT. Here is how it bothers me. On the Web sites using Apache/PHP and MySQL on different hosts I often see "Sleep" connections hanging for many minutes on MySQL hosts. Tracking remote host and port shows this connection is not assigned to any process on other end any more but rather being in TIME_WAIT state. I do not care about TIME_WAIT connection on client site itself, what concerns me is, until connection is not fully closed server side does not seems to be informed connection is dead and so server resources are not deallocated. Any ideas ? -- Peter Zaitsev, Senior Support Engineer MySQL AB, www.mysql.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/