openssh-unix-dev May 2011 archive
Main Archive Page > Month Archives  > openssh-unix-dev archives
openssh-unix-dev: Re: port-linux.c bug with oom_adjust_restore()

Re: port-linux.c bug with oom_adjust_restore() - causes real bad oom_adj - which can cause DoS conditions.

From: Roumen Petrov <openssh_at_nospam>
Date: Tue May 31 2011 - 20:07:38 GMT
To: Darren Tucker <dtucker@zip.com.au>

Darren Tucker wrote:
> On Tue, May 31, 2011 at 10:18 PM, Cal Leeming [Simplicity Media Ltd]
> <cal.leeming@simplicitymedialtd.co.uk> wrote:
> [...]
>
>> Oh trust me, I looked *everywhere*. Even to the extent of running
>> tripwire from a bare bones system, and looking manually at every
>> change made. I also looked for loads of different keywords (-17, oom,
>> proc, self) etc. Spent hours on it :/
>>
>> As for the comment about the modprobe, I already did all this (full
>> debug can be found at
>> http://www.debianhelp.org/content/cgroup-oom-killer-loop-causes-system-lockup-possible-fix-included
>> ), and found that when the bnx2 module isn't loaded, the problem goes
>> away.. When it is loaded, the problem comes back.
>>
> Did you check /proc/self/oom_adj before and after loading the module?
> I don't see that in there, and it it *does* change it would eliminate
> sshd as a variable.
>
> As a workaround, you could add "echo 0>/proc/self/oom_adj" to
> /etc/default/ssh. It's a bit ugly, but at least you wouldn't need to
> recompile anything.
>

May is not related but /proc/self/oom_adjis is reported as deprecated:
syslog:<DATE> <HOST> kernel: udevd (<PID>): /proc/<PID>/oom_adj is
deprecated, please use /proc/<PID>/oom_score_adj instead, where kernel
is 2.6.38.6. I see oom_score_adj for first time in 2.6.36 .

Regards,
Roumen

-- Get X.509 certificates support in OpenSSH: http://roumenpetrov.info/openssh/ _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev