Opened 14 months ago
Last modified 13 months ago
#18674 new bug
ports IPC is vulnerable to DoS attacks
Reported by: | X512 | Owned by: | nobody |
---|---|---|---|
Priority: | normal | Milestone: | R2 |
Component: | System/Kernel | Version: | R1/Development |
Keywords: | | Cc: | |
Blocked By: | | Blocking: | |
Platform: | All | | |
Description
This is hrev57377.
Core Haiku servers such as registrar or app_server use ports IPC mechanisms that are currently vulnerable to DoS attacks. For example, the app_server port that accepts connections can be read by any team, not only app_server. So if some malicious program runs an infinite app_server port reading loop, new BApplications will fail to start.
Some kind of protection against such attacks is required, for example adding an option to forbid port reading by a non-owner team.
Attachments (1)
Change History (4)
by , 14 months ago
Attachment: | AppServerDoS.cpp added |
---|
comment:1 by , 13 months ago
Milestone: | Unscheduled → R2 |
---|
comment:2 by , 13 months ago
Port reading by a non-owner may be useful if the event loop is run by a team that does not own the port. It can be useful in a scenario where the port is owned by the client team and messages are processed by the server team, so if the client team exits, the server will automatically notice that the connection is gone and get a B_BAD_PORT_ID error on read.
comment:3 by , 13 months ago
The problem can be fixed in a generic way by introducing per-team permission flags for each kernel object.
A possible set of permissions for each kernel object:
Object | Permissions |
---|---|
team, thread | kill, debug, send, receive |
port | read, write, close, delete |
sem | acquire, release, delete |
area | clone, resize, set protection, delete |
Is there any real use for port reading by non-owners?
I guess BeOS must've permitted this, or else we would've already blocked it?
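
The per-team permission flags proposed in comment:3, applied to the "port" row of the table, as a user-space model. This is an added example, not part of the ticket or of Haiku's code; ModelPort, PortPerm, Status and the team ids are hypothetical names chosen for illustration.

```cpp
// Added illustration: every name below is hypothetical, not Haiku kernel code.
#include <cstdint>
#include <deque>
#include <map>
using team_id = int32_t;
// Permission bits taken from the "port" row of the table in comment:3.
enum PortPerm : uint32_t { kPortRead = 1, kPortWrite = 2, kPortClose = 4, kPortDelete = 8 };
enum class Status { Ok, NotAllowed, WouldBlock };

class ModelPort {
public:
    // The owner starts with every permission; other teams start with none.
    explicit ModelPort(team_id owner) : fOwner(owner) {
        fPerms[owner] = kPortRead | kPortWrite | kPortClose | kPortDelete;
    }
    // Only the owner may extend another team's permissions.
    Status Grant(team_id caller, team_id target, uint32_t perms) {
        if (caller != fOwner) return Status::NotAllowed;
        fPerms[target] |= perms;
        return Status::Ok;
    }
    Status Write(team_id caller, int32_t code) {
        if (!Allowed(caller, kPortWrite)) return Status::NotAllowed;
        fQueue.push_back(code);
        return Status::Ok;
    }
    // The check runs before anything is dequeued, so a team without the
    // read bit cannot drain messages meant for the port's real reader.
    Status Read(team_id caller, int32_t& code) {
        if (!Allowed(caller, kPortRead)) return Status::NotAllowed;
        if (fQueue.empty()) return Status::WouldBlock;
        code = fQueue.front();
        fQueue.pop_front();
        return Status::Ok;
    }
private:
    bool Allowed(team_id team, uint32_t perm) const {
        auto it = fPerms.find(team);
        return it != fPerms.end() && (it->second & perm) == perm;
    }
    team_id fOwner;
    std::map<team_id, uint32_t> fPerms;
    std::deque<int32_t> fQueue;
};
int main() {  // constructed team ids: 10 owns the port, 20 sends, 30 is ungranted
    ModelPort port(10);
    port.Grant(10, 20, kPortWrite);
    port.Write(20, 42);
    int32_t code = 0;
    return port.Read(30, code) == Status::NotAllowed ? 0 : 1;
}
```

The same model covers the case raised in comment:2: a port owned by the client team can grant the read bit to the server team, so non-owner reading stays possible where it is wanted.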