[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Chicken-users] [SECURITY] Buffer overrun vulnerability in Chicken's sch
From: |
Peter Bex |
Subject: |
[Chicken-users] [SECURITY] Buffer overrun vulnerability in Chicken's scheduler |
Date: |
Mon, 11 Jun 2012 12:33:28 +0200 |
User-agent: |
Mutt/1.4.2.3i |
Hello Chicken users,
Recently a buffer overrun error was discovered in Chicken's thread
scheduler. This buffer overrun is triggered on UNIX-like OSes when a
file descriptor with an integer value higher than FD_SETSIZE gets
opened due to the way the POSIX select() function is currently being
used.
Every Chicken program which accepts a potentially unlimited number of
incoming network connections or otherwise opens an unlimited number of
file descriptors is potentially vulnerable to an application crash.
Currently a patch is being developed. In the meanwhile an effective
workaround is to limit the maximum number of open descriptors using
the Unix "ulimit -n" command.
Please verify the maximum number of descriptors supported safely by
Chicken by compiling following one-line program using csc and then
running the resulting binary:
(print (foreign-value "FD_SETSIZE" int))
Simply ensure that the programs you want to protect run under a maximum
number of open files ulimit that matches this number (or lower).
lease note that this bug also affects people using the
"high-load-scheduler" egg, which provides an alternative scheduler
implementation.
On Windows, there is no buffer overrun danger, but there is a potential
problem of threads never waking up; there is currently no known
workaround for this.
References
----------
https://lists.ubuntu.com/archives/ubuntu-devel/2010-September/031446.html
http://sourceware.org/bugzilla/show_bug.cgi?id=10352
http://pubs.opengroup.org/onlinepubs/007908799/xsh/poll.html
http://netbsd.gw.com/cgi-bin/man-cgi?select++NetBSD-current
Kind regards,
The Chicken team
- [Chicken-users] [SECURITY] Buffer overrun vulnerability in Chicken's scheduler,
Peter Bex <=