From owner-freebsd-bugs  Sat Sep 14  5:50:10 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1627537B400
	for <freebsd-bugs@hub.freebsd.org>; Sat, 14 Sep 2002 05:50:05 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 854DB43E42
	for <freebsd-bugs@hub.freebsd.org>; Sat, 14 Sep 2002 05:50:04 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g8ECo3JU026078
	for <freebsd-bugs@freefall.freebsd.org>; Sat, 14 Sep 2002 05:50:03 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g8ECo3tw026077;
	Sat, 14 Sep 2002 05:50:03 -0700 (PDT)
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 91ED937B400; Sat, 14 Sep 2002 05:41:49 -0700 (PDT)
Received: from wwweasel.geeksrus.net (wwweasel.geeksrus.net [64.8.210.226])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id C156043E75; Sat, 14 Sep 2002 05:41:48 -0700 (PDT)
	(envelope-from alane@wwweasel.geeksrus.net)
Received: from wwweasel.geeksrus.net (alane@localhost [127.0.0.1])
	by wwweasel.geeksrus.net (8.12.6/8.12.6) with ESMTP id g8ECemkZ046254;
	Sat, 14 Sep 2002 08:40:48 -0400 (EDT)
	(envelope-from alane@wwweasel.geeksrus.net)
Received: (from alane@localhost)
	by wwweasel.geeksrus.net (8.12.6/8.12.6/Submit) id g8ECelg9046253;
	Sat, 14 Sep 2002 08:40:47 -0400 (EDT)
	(envelope-from alane)
Message-Id: <200209141240.g8ECelg9046253@wwweasel.geeksrus.net>
Date: Sat, 14 Sep 2002 08:40:47 -0400 (EDT)
From: Alan Eldridge <ports@geeksrus.net>
Reply-To: Alan Eldridge <ports@geeksrus.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: jmallet@FreeBSD.org, kris@obsecurity.org
X-Send-Pr-Version: 3.113
Subject: bin/42772: usr.bin/make: patch to stop a fork bomb
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         42772
>Category:       bin
>Synopsis:       usr.bin/make: patch to stop a fork bomb
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 14 05:50:02 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Alan Eldridge
>Release:        FreeBSD 4.7-PRERELEASE i386
>Organization:
Geeksrus.NET
>Environment:
System: FreeBSD wwweasel.geeksrus.net 4.7-PRERELEASE FreeBSD 4.7-PRERELEASE #0: Sun Sep 8 06:05:58 EDT 2002 root@wwweasel.geeksrus.net:/usr/obj/usr/src/sys/WWWEASEL i386

>Description:

Under certain cirumstances, it is possible, by setting certain variables
(does anybody have a list?), to cause a ports make to enter an infinite 
look, eventually fork()ing itself to dealth, and presenting a denial-of-service attach against the host by preventing other programs from fork()ing.

This patch uses an env var, __MKLVL__, to keep track of the recursion
level and causes a failure when it reaches 500.

>How-To-Repeat:

cd /usr/ports/irc/xchat; make USE_GNOME-gtk12 package

>Fix:

Note: this is just a tournequet for a severed artery; it prevents the 
most egregious symptom and prevents the box from falling on its side.

However, I'd be grateful if this could be committed to both CURRENT and
STABLE ASAP after the code freeze is lifted. Thanks.

==8<====8<====8<====8<====8<====8<====8<====8<====8<====8<==
diff -ru /usr/src/usr.bin/make/main.c usr.bin/make/main.c
--- /usr/src/usr.bin/make/main.c	Thu Jul 25 03:10:15 2002
+++ usr.bin/make/main.c	Sat Sep 14 08:07:29 2002
@@ -108,6 +108,8 @@
 #include "job.h"
 #include "pathnames.h"
 
+#define WANT_ENV_MKLVL	1
+
 #ifndef	DEFMAXLOCAL
 #define	DEFMAXLOCAL DEFMAXJOBS
 #endif	/* DEFMAXLOCAL */
@@ -475,6 +477,12 @@
 	struct stat sb;
 	char *pwd;
 #endif
+#ifdef WANT_ENV_MKLVL
+#define MKLVL_MAXVAL	500
+#define MKLVL_ENVVAR	"__MKLVL__"
+	int iMkLvl = 0;
+	char *szMkLvl = getenv(MKLVL_ENVVAR);
+#endif /* WANT_ENV_MKLVL */
 	char mdpath[MAXPATHLEN + 1];
 	char obpath[MAXPATHLEN + 1];
 	char cdpath[MAXPATHLEN + 1];
@@ -485,6 +493,19 @@
 	char *cp = NULL, *start;
 					/* avoid faults on read-only strings */
 	static char syspath[] = _PATH_DEFSYSPATH;
+
+#ifdef WANT_ENV_MKLVL
+	if ((iMkLvl = szMkLvl ? atoi(szMkLvl) : 0) < 0) {
+	  iMkLvl = 0;
+	}
+	if (iMkLvl++ > MKLVL_MAXVAL) {
+	  errc(2, EAGAIN, 
+	       "Max recursion level (%d) exceeded.", MKLVL_MAXVAL);
+	}
+	bzero(szMkLvl = emalloc(32), 32);
+	sprintf(szMkLvl, "%d", iMkLvl);
+	setenv(MKLVL_ENVVAR, szMkLvl, 1);
+#endif /* WANT_ENV_MKLVL */
 
 #ifdef RLIMIT_NOFILE
 	/*
==8<====8<====8<====8<====8<====8<====8<====8<====8<====8<==

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message