From daf821a6682c1902ae88d5fbba48d1e2228598ac Mon Sep 17 00:00:00 2001 From: Alban Crequy Date: Tue, 19 Aug 2014 15:31:10 +0100 Subject: [PATCH] config: set DEFAULT_MESSAGE_UNIX_FDS to 16 Before this patch, the system bus had the following default configuration: - max_connections_per_user: 256 - DBUS_DEFAULT_MESSAGE_UNIX_FDS: usually 1024 (or 256 on QNX, see fd.o#61176) as defined by configure.ac - max_incoming_unix_fds: DBUS_DEFAULT_MESSAGE_UNIX_FDS*4 = usually 4096 - max_outgoing_unix_fds: DBUS_DEFAULT_MESSAGE_UNIX_FDS*4 = usually 4096 - max_message_unix_fds: DBUS_DEFAULT_MESSAGE_UNIX_FDS = usually 1024 This means that a single user could create 256 connections and transmit 256*4096 = 1048576 file descriptors. The file descriptors stay attached to the dbus-daemon process while they are in the message loader, in the outgoing queue or waiting to be dispatched before D-Bus activation. dbus-daemon is usually limited to 65536 file descriptors (ulimit -n). If the limit is reached and dbus-daemon needs to receive a message with a file descriptor attached, this is signalled by recvfrom with the flag MSG_CTRUNC. Dbus-daemon cannot recover from that error because the kernel does not have any API to retrieve a file descriptor which has been discarded with MSG_CTRUNC. Therefore, it closes the connection of the sender. This is not necessarily the connection which generated the most file descriptors so it can lead to denial-of-service attacks. In order to prevent DoS issues, this patch reduces DEFAULT_MESSAGE_UNIX_FDS to 16: max_connections_per_user * max_incoming_unix_fds = 256 * 64 = 16384 This is less than the usual "ulimit -n" (65536) with a good margin to accomodate the other sources of file descriptors (stdin/stdout/stderr, listening sockets, message loader, etc.) --- configure.ac | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index cbaf874..ac2f35d 100644 --- a/configure.ac +++ b/configure.ac @@ -1241,9 +1241,11 @@ fi # Determine maximum number of Unix fds which may be passed AS_CASE([$host_os], [*qnx*], - [DEFAULT_MESSAGE_UNIX_FDS=256], + # qnx used to require a lower value, see: + # https://bugs.freedesktop.org/show_bug.cgi?id=61176 + [DEFAULT_MESSAGE_UNIX_FDS=16], [*], - [DEFAULT_MESSAGE_UNIX_FDS=1024]) + [DEFAULT_MESSAGE_UNIX_FDS=16]) AC_DEFINE_UNQUOTED([DBUS_DEFAULT_MESSAGE_UNIX_FDS], [$DEFAULT_MESSAGE_UNIX_FDS], [Default for dbus_connection_get_max_message_unix_fds()]) -- 1.8.5.3