Opened 12 months ago

Last modified 11 months ago

#18674 new bug

ports IPC is vulnerable to DoS attacks

Reported by: X512 Owned by: nobody
Priority: normal Milestone: R2
Component: System/Kernel Version: R1/Development
Keywords: Cc:
Blocked By: Blocking:
Platform: All

Description

This is hrev57377.

Core Haiku servers such as registrar or app_server use ports IPC mechanisms that is currently vulnerable to DoS attacks.

For example app_server port that accepts connections can be read by any team, not only app_server. So if some malicious program will run infinite app_server port reading loop, new BApplications will fail to start.

Some kind of protection against such attacks is required, for example add an option to forbid port reading by non-owner team.

Attachments (1)

AppServerDoS.cpp (460 bytes ) - added by X512 12 months ago.

Download all attachments as: .zip

Change History (4)

by X512, 12 months ago

Attachment: AppServerDoS.cpp added

comment:1 by waddlesplash, 11 months ago

Milestone: UnscheduledR2

Is there any real use for port reading by non-owners?

I guess BeOS must've permitted this, or else we would've already blocked it?

comment:2 by X512, 11 months ago

Port reading by non-owner may be useful if event loop is run by a team that do not own port. It can be useful in scenario where port is owned by client team and messages are processed by server team so if client team exit, server will automatically notice that connection is gone and get B_BAD_PORT_ID error on read.

comment:3 by X512, 11 months ago

Problem can be fixed in generic way by introducing per-team permission flags for each kernel object.

Possible set of permissions for each kernel object:

Object Permissions
team, thread kill, debug, send, receive
port read, write, close, delete
sem acquire, release, delete
area clone, resize, set protection, delete
Note: See TracTickets for help on using tickets.