artswrapper defanged

Roger Larsson roger.larsson at norran.net
Fri Jul 19 18:28:29 BST 2002


On Friday 19 July 2002 09.22, Stefan Westerfeld wrote:
>    Hi!
> 
> On Fri, Jul 19, 2002 at 08:51:23AM +0100, Rik Hemsley wrote:
> > > What you _should_ have done is publish a security advice that tells
> > > people to remove the suid bit of artswrapper. This has the same
> > > effect as patching the feature away in the source: None. But it would
> > > have saved people a lot of breath.
> > 
> > There is already a security advisory, in fact, that's where I heard
> > about the exploit.
> > 
> > I have not heard that artswrapper has been fixed properly yet. We're
> > approaching another release. If I hadn't patched artswrapper, would the
> > next release have gone out with the exploit still open ?
> 
> Well, you don't seem to understand the nature of the "exploit".
> 
> The _very purpose_ of artswrapper is to give artsd a very high priority and
> drop the root privileges thereafter. It does _exactly_ this. So artswrapper
> is neither broken nor vulnerable.
> 
> The _very purpose_ of a sound server is to compute the things (sound, that
> is), that the user wants to compute. This produces CPU usage, and depending
> on how complex the computations are, more CPU usage.
> 
> The _combination_ of these two purposes leads to a straightforward "local
> denial of service attack": you let artsd compute lots of things. Since artsd
> monitors its own CPU usage, you can only safely take away 90% of the CPU usage
> a system has. Solution: start another artsd. Then you can take away 100% of
> the CPU usage a system has. So a non root user can produce a system hang in
> tiny shell script (will not post it here).
> 

A simple check in artswrapper can handle this.
Let it start only one artsd with RT priority!
With a semaphore?

Another solution is to have another program - possibly a spawned artswrapper -
run at a priority higher than artsd. It can then manage the artsd
processes by killing them or removing the RT priority of artsd processes.

It might also be necessary to monitor the amount of memory artsd processes 
might use - since it should be locked from swapping.

/RogerL

-- 
Roger Larsson
Skellefteå
Sweden
