Debian Bug report logs - #872798
nslcd: can be killed by the OOM Killer, DoS


Package: nslcd; Maintainer for nslcd is Arthur de Jong <[email protected]>; Source for nslcd is src:nss-pam-ldapd (PTS, buildd, popcon).

Reported by: Vincent Lefevre <[email protected]>

Date: Mon, 21 Aug 2017 11:27:02 UTC

Severity: normal

Tags: jessie

Found in version nss-pam-ldapd/0.9.4-3+deb8u2



Message #15 received at [email protected]:

Date: Tue, 22 Aug 2017 00:52:27 +0200
From: Vincent Lefevre <[email protected]>
To: [email protected]
Subject: Re: Bug#872798: nslcd: can be killed by the OOM Killer, DoS
Control: severity -1 normal

(fixing the typo in the Control line)

On 2017-08-21 21:47:04 +0200, Arthur de Jong wrote:
> Control: sevirity -1 normal
> 
> On Mon, 2017-08-21 at 13:17 +0200, Vincent Lefevre wrote:
> > Severity: grave
> > Justification: causes non-serious data loss and DoS from an end user.
> 
> The severity is a bit questionable and, at the very least not a flaw in
> or unique to nslcd.

Perhaps not unique to nslcd, but the consequences are the worst when
nslcd is killed: one can no longer access the machine.

> Any local user that does not have resource limits applied to them
> can DoS the whole system easily so I'm lowering the severity to
> normal.

Note that users here are not malicious (they would have serious
problems if they DoS the whole system on purpose). Memory can be
exhausted by mistake (e.g. due to bugs) or just because the users
try to push the limits to solve some problems, and for this reason,
there are no resource limits. Still, one expects that the system
reacts in a reasonable manner if possible, e.g. the whole machine
should not crash and should remain accessible.

> The OOM is indeed a bit of Russian roulette on your system. You can
> tune it a bit with vm.panic_on_oom and vm.overcommit_memory sysctls or
> perform the following action that is equivalent to what newer nslcd
> does:
> 
> echo -1000 > /proc/`cat /var/run/nslcd/nslcd.pid`/oom_score_adj

I suppose that a workaround based on this in /etc/init.d/nslcd could
be after "start-stop-daemon --start ...":

  status=$?
  if [ $status -eq 0 ]; then
    # Exempt the freshly started nslcd from the OOM killer.
    echo -1000 > "/proc/$(cat "$NSLCD_PIDFILE")/oom_score_adj"
  fi
  log_end_msg $status
  ;;

-- 
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
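
A more defensive form of the workaround discussed above, as an added example (not code from this bug report or from nslcd): it checks that the pidfile holds a plain PID before writing under /proc, and reads the value back to confirm it took effect. The function name protect_from_oom and the PROC_ROOT override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pin a daemon's oom_score_adj to -1000 via its pidfile.
# protect_from_oom and PROC_ROOT are hypothetical names, not part of nslcd.

# Overridable so the function can be exercised against a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

protect_from_oom() {
    pidfile=$1

    # The pidfile may not exist yet right after the daemon has forked.
    [ -r "$pidfile" ] || { echo "pidfile $pidfile not readable" >&2; return 1; }

    # Use only the first line, and refuse anything that is not a plain PID,
    # so a damaged pidfile cannot redirect the write elsewhere under /proc.
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) echo "invalid PID in $pidfile" >&2; return 1 ;;
    esac

    adj="$PROC_ROOT/$pid/oom_score_adj"
    [ -w "$adj" ] || { echo "$adj not writable (process gone, or not root?)" >&2; return 1; }

    # -1000 is the value quoted in the thread.
    printf '%s\n' -1000 > "$adj" || return 1

    # Read the value back: the function succeeds only if it was stored.
    [ "$(cat "$adj")" = "-1000" ]
}

# In an init script, after a successful start-stop-daemon --start:
#   protect_from_oom "$NSLCD_PIDFILE" || log_warning_msg "OOM protection not applied"
```
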





Debian bug tracking system administrator <[email protected]>. Last modified: Tue May 13 17:52:32 2025; Machine Name: buxtehude
