Opened 6 months ago
Last modified 4 months ago
#18674 new bug
ports IPC is vulnerable to DoS attacks
| Reported by: | X512 | Owned by: | nobody |
|---|---|---|---|
| Priority: | normal | Milestone: | R2 |
| Component: | System/Kernel | Version: | R1/Development |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
This is hrev57377.
Core Haiku servers such as registrar or app_server use ports IPC mechanisms that is currently vulnerable to DoS attacks.
For example app_server port that accepts connections can be read by any team, not only app_server. So if some malicious program will run infinite app_server port reading loop, new BApplications will fail to start.
Some kind of protection against such attacks is required, for example add an option to forbid port reading by non-owner team.
Attachments (1)
Change History (4)
by , 6 months ago
| Attachment: | AppServerDoS.cpp added |
|---|
comment:1 by , 4 months ago
| Milestone: | Unscheduled → R2 |
|---|
comment:2 by , 4 months ago
Port reading by non-owner may be useful if event loop is run by a team that do not own port. It can be useful in scenario where port is owned by client team and messages are processed by server team so if client team exit, server will automatically notice that connection is gone and get B_BAD_PORT_ID error on read.
comment:3 by , 4 months ago
Problem can be fixed in generic way by introducing per-team permission flags for each kernel object.
Possible set of permissions for each kernel object:
| Object | Permissions |
|---|---|
| team, thread | kill, debug, send, receive |
| port | read, write, close, delete |
| sem | acquire, release, delete |
| area | clone, resize, set protection, delete |
Is there any real use for port reading by non-owners?
I guess BeOS must've permitted this, or else we would've already blocked it?