[8922] in bugtraq


Re: Anonymous Qmail Denial of Service

daemon@ATHENA.MIT.EDU (Trev)
Mon Jan 4 12:49:44 1999

Date: 	Mon, 4 Jan 1999 01:36:31 -0800
Reply-To: Trev <trev@KICS.BC.CA>
From: Trev <trev@KICS.BC.CA>
X-To:         Wietse Venema <wietse@PORCUPINE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <19990104050409.85094188CE@fist.porcupine.org>

At 12:04 AM 1/4/99 -0500, Wietse Venema wrote:

<--big snip-->

>What happens when the qmail-queue process is signaled with, say,
>SIGKILL? The file will stay in the queue. That's a zero-length
>file, owned by qmail, without any user identification whatsoever.

<--snip-->

>When this sequence is executed a sufficient number of times, the
>queue file system runs out of available resources.  No-one can send
>mail. No-one can receive mail. And no-one can be held responsible.

<--snip again-->

Pardon my comments here, I am no qmail expert (I don't even run the thing),
but surely you could get around this by applying a small patch to
qmail-queue to look for such zero-length files and remove any that are
found (i.e., one of the first things it does).  If the task of searching the
directory upon each invocation seems too much, have it save a reference
marker to another temp file that qmail-queue could then remove when it
exits successfully.  Wouldn't that prevent that particular DoS?

Trev
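
The check proposed in this message, sketched as a standalone sweep (an added example, not part of the original post and not qmail code). The function names, the directory argument and the age threshold are assumptions of the example; the threshold is there because a file that a running writer has just created is also empty for a moment.

```python
import os
import stat
import time


def find_stale_empty_files(queue_dir, min_age_seconds=3600, now=None):
    """Return sorted paths of zero-length regular files under queue_dir
    whose mtime is at least min_age_seconds old.

    queue_dir and min_age_seconds are hypothetical parameters of this
    example; only files that have stayed empty for a while are reported.
    """
    now = time.time() if now is None else now
    stale = []
    for root, _dirs, files in os.walk(queue_dir):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except FileNotFoundError:
                continue  # removed between listing and stat
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_size == 0 and now - st.st_mtime >= min_age_seconds:
                stale.append(path)
    return sorted(stale)


def remove_stale_empty_files(queue_dir, min_age_seconds=3600, now=None):
    """Unlink the files found above; return the paths actually removed."""
    removed = []
    for path in find_stale_empty_files(queue_dir, min_age_seconds, now):
        try:
            st = os.lstat(path)
            # Re-check before unlinking: the file may have been
            # filled or replaced since the scan.
            if stat.S_ISREG(st.st_mode) and st.st_size == 0:
                os.unlink(path)
                removed.append(path)
        except FileNotFoundError:
            pass  # already gone
    return removed
```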
