Date: Fri, 04 Aug 2017 22:32:31 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 221233] security/sshguard: version 2.0 acts like a fork bomb with syslogd pipes Message-ID: <bug-221233-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D221233 Bug ID: 221233 Summary: security/sshguard: version 2.0 acts like a fork bomb with syslogd pipes Product: Ports & Packages Version: Latest Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: spambox@haruhiism.net CC: dan.mcgregor@usask.ca CC: dan.mcgregor@usask.ca Flags: maintainer-feedback?(dan.mcgregor@usask.ca) I upgraded to sshguard 2.0.0 recently and after a good while noticed load averages of 200+. sshguard is using the pf back-end along with the supplied /usr/local/etc/syslog.d/sshguard file that adds a pipe to sshguard. It appears this invocation method leads to sshguard spawning instances endlessly with each new log entry; here's just a very small snippet of "ps = aux | grep sshg": ... root 74839 0.0 0.0 6608 2548 - I Fri02 0:00.08 /usr/local/libexec/sshg-blocker -a 30 -p 120 -s root 74840 0.0 0.0 7048 2700 - I Fri02 0:00.00 /bin= /sh /usr/local/sbin/sshguard root 74841 0.0 0.0 7048 2684 - I Fri02 0:00.01 /bin= /sh /usr/local/libexec/sshg-fw-pf root 75123 0.0 0.0 7048 2700 - Is 09:51 0:00.01 /bin= /sh /usr/local/sbin/sshguard root 75125 0.0 0.0 7632 3144 - S 09:51 0:00.67 /usr/local/libexec/sshg-parser root 75126 0.0 0.0 6608 2548 - I 09:51 0:00.07 /usr/local/libexec/sshg-blocker -a 30 -p 120 -s root 75127 0.0 0.0 7048 2628 - Is Mon05 0:00.00 /bin= /sh /usr/local/sbin/sshguard root 75129 0.0 0.0 7632 3160 - S Mon05 0:01.49 /usr/local/libexec/sshg-parser root 75130 0.0 0.0 6608 2540 - S Mon05 0:00.35 /usr/local/libexec/sshg-blocker -a 30 -p 120 -s root 75131 0.0 0.0 7048 2628 - I Mon05 0:00.00 /bin= /sh /usr/local/sbin/sshguard root 75132 0.0 0.0 7048 2612 - I Mon05 0:00.03 /bin= /sh /usr/local/libexec/sshg-fw-pf root 75133 0.0 0.0 7048 2700 - I 09:51 0:00.00 /bin= /sh /usr/local/sbin/sshguard root 75134 0.0 0.0 7048 2684 - S 09:51 0:00.01 /bin= /sh /usr/local/libexec/sshg-fw-pf root 75204 0.0 0.0 7048 2700 - Is 03:05 0:00.01 /bin= /sh /usr/local/sbin/sshguard root 75206 0.0 0.0 7632 3132 - S 03:05 0:00.26 /usr/local/libexec/sshg-parser root 75207 0.0 0.0 6608 2548 - S 03:05 0:00.02 /usr/local/libexec/sshg-blocker -a 30 -p 120 -s root 75208 0.0 0.0 7048 2700 - I 03:05 0:00.00 /bin= /sh /usr/local/sbin/sshguard root 75209 0.0 0.0 7048 2684 - I 03:05 0:00.01 /bin= /sh /usr/local/libexec/sshg-fw-pf root 75654 0.0 0.0 7048 2700 - Is 20:25 0:00.01 /bin= /sh /usr/local/sbin/sshguard root 75656 0.0 0.0 7632 3140 - S 20:25 0:00.57 /usr/local/libexec/sshg-parser root 75657 0.0 0.0 6608 2548 - S 20:25 0:00.04 /usr/local/libexec/sshg-blocker -a 30 -p 120 -s root 75658 0.0 0.0 7048 2700 - I 20:25 0:00.00 /bin= /sh /usr/local/sbin/sshguard root 75659 0.0 0.0 7048 2684 - I 20:25 0:00.01 /bin= /sh /usr/local/libexec/sshg-fw-pf root 76232 0.0 0.0 7048 2632 - Is Wed18 0:00.00 /bin= /sh /usr/local/sbin/sshguard root 76234 0.0 0.0 7632 3152 - S Wed18 0:01.25 /usr/local/libexec/sshg-parser root 76235 0.0 0.0 6608 2548 - S Wed18 0:00.18 /usr/local/libexec/sshg-blocker -a 30 -p 120 -s root 76236 0.0 0.0 7048 2632 - I Wed18 0:00.00 /bin= /sh /usr/local/sbin/sshguard root 76237 0.0 0.0 7048 2616 - S Wed18 0:00.02 /bin= /sh /usr/local/libexec/sshg-fw-pf root 76311 0.0 0.0 7048 2700 - Is 20:27 0:00.01 /bin= /sh /usr/local/sbin/sshguard root 76313 0.0 0.0 7632 3140 - S 20:27 0:00.56 /usr/local/libexec/sshg-parser root 76314 0.0 0.0 6608 2548 - I 20:27 0:00.04 /usr/local/libexec/sshg-blocker -a 30 -p 120 -s root 76315 0.0 0.0 7048 2700 - I 20:27 0:00.00 /bin= /sh /usr/local/sbin/sshguard root 76316 0.0 0.0 7048 2684 - I 20:27 0:00.01 /bin= /sh /usr/local/libexec/sshg-fw-pf root 76477 0.0 0.0 7048 2700 - Is 03:07 0:00.01 /bin= /sh /usr/local/sbin/sshguard root 76480 0.0 0.0 7632 3132 - S 03:07 0:00.25 /usr/local/libexec/sshg-parser root 76481 0.0 0.0 6608 2548 - I 03:07 0:00.02 /usr/local/libexec/sshg-blocker -a 30 -p 120 -s root 76482 0.0 0.0 7048 2700 - I 03:07 0:00.00 /bin= /sh /usr/local/sbin/sshguard root 76483 0.0 0.0 7048 2684 - I 03:07 0:00.01 /bin= /sh /usr/local/libexec/sshg-fw-pf root 76495 0.0 0.0 7048 2700 - Is 23:53 0:00.01 /bin= /sh /usr/local/sbin/sshguard root 76497 0.0 0.0 7632 3132 - S 23:53 0:00.46 /usr/local/libexec/sshg-parser ... The sshguard service has a different command line, though otherwise the pro= cess group is similar to those above: root 54198 0.0 0.0 7048 2704 - Is 07:20 0:00.00 /bi= n/sh /usr/local/sbin/sshguard -b 30:/var/db/sshguard/blacklist.db -i /var/run/sshguard.pid root 54200 0.0 0.0 7632 3084 - I 07:20 0:00.00 /usr/local/libexec/sshg-parser root 54201 0.0 0.0 6608 2548 - I 07:20 0:00.00 /usr/local/libexec/sshg-blocker -a 30 -b 30:/var/db/sshguard/blacklist.db -i /var/run/sshguard.pid -p 120 -s 1800 root 54202 0.0 0.0 7048 2704 - I 07:20 0:00.00 /bi= n/sh /usr/local/sbin/sshguard -b 30:/var/db/sshguard/blacklist.db -i /var/run/sshguard.pid root 54203 0.0 0.0 7048 2684 - I 07:20 0:00.01 /bi= n/sh /usr/local/libexec/sshg-fw-pf --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-221233-13>