Bugtraq mailing list archives
Re: Anonymous Qmail Denial of Service
From: trev () KICS BC CA (Trev)
Date: Mon, 4 Jan 1999 01:36:31 -0800
At 12:04 AM 1/4/99 -0500, Wietse Venema wrote: <--big snip-->
What happens when the qmail-queue process is signaled with, say, SIGKILL? The file will stay in the queue. That's a zero-length file, owned by qmail, without any user identification whatsoever.
<--snip-->
When this sequence is executed a sufficient number of times, the queue file system runs out of available resources. No-one can send mail. No-one can receive mail. And no-one can be held responsible.
<--snip again--> Pardon my comments here, I am no qmail expert (I don't even run the thing), but surely you could get around this by applying a small patch to qmail-queue to look for such zero-length files and remove any that are found (ie: one of the first things it does). If the task of searching the directory upon each invocation seems too much, have it save a reference marker to another temp file that qmail-queue could then remove when it exits successfully. Wouldn't that prevent that particular DoS? Trev
Current thread:
- Re: Breeze Network Server remote reboot and other bogosity. Mike Pelley (Dec 31)
- Bug Mr Spooty (Dec 31)
- Re: Bug Curt Sampson (Jan 03)
- Re: Bug Jeffrey Hutzelman (Jan 07)
- Anonymous Qmail Denial of Service Wietse Venema (Jan 03)
- Dosemu/S-Lang Overflow + sploit Trev (Jan 03)
- Re: Dosemu/S-Lang Overflow + sploit Erik Mouw (Jan 12)
- Re: Anonymous Qmail Denial of Service Trev (Jan 04)
- Vulnerability database workshop Gene Spafford (Jan 04)
- Re: Anonymous Qmail Denial of Service Nick Andrew (Jan 04)
- Improved icmp time/mask querying program David G. Andersen (Jan 04)
- Re: Bug Curt Sampson (Jan 03)
- Re: Anonymous Qmail Denial of Service Illuminatus Primus (Jan 04)
- Re: Anonymous Qmail Denial of Service Nick Maclaren (Jan 04)
- Sendmail 8.9.2 released Patrick Oonk (Jan 04)
- SUN almost has a clue! (automountd) (fwd) Robert Borrell (Jan 04)
- Re: SUN almost has a clue! (automountd) (fwd) Bojan Zdrnja (Jan 05)
- Bug Mr Spooty (Dec 31)