Re: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denialof Service

[Peter Zaitsev]

On Sat, 2004-09-11 at 20:47, David S. Miller wrote:

> If the application doesn't close it's file descriptors there is
> absolutely nothing the kernel can do about it.
> 
> It's a resource leak, plain and simple.
> 
> > That being said - below is a the proper description, and the code
> > used to exploit it. Hope it helps. This version is not the one
> > which invokes the CLOSE_WAIT state, but rather the TIME_WAIT one,
> > I am not able to publish the source code for the CLOSE_WAIT bug.
> 
> There is nothing wrong with creating tons of TIME_WAIT sockets,
> they simply time out after 60 seconds (unless hit by a RESET
> packet or similar).  This is how TCP works.
> 

Hm,

As this question arose may I ask where this timeout is configured ?

There is tcp_fin_timeout  configuration but I found nothing
corresponding to TIME_WAIT.

Here is how it bothers me.  On the Web sites using Apache/PHP and MySQL 
on different hosts I often see  "Sleep" connections hanging for many
minutes on MySQL hosts.    Tracking remote host and port shows this
connection is not assigned to any process on other end any more but
rather being in TIME_WAIT state. 

I do not care about TIME_WAIT  connection on client site itself, what
concerns me is, until connection is not fully closed server side does
not seems to be informed connection is dead and so  server resources are
not deallocated.    

Any ideas ? 



-- 
Peter Zaitsev, Senior Support Engineer
MySQL AB, www.mysql.com



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/