[3330] in Release_7.7_team


daemon@ATHENA.MIT.EDU (Garry Zacheiss)
Thu Jun 6 19:17:38 2002

Date: Thu, 6 Jun 2002 19:17:34 -0400
Message-Id: <200206062317.TAA21787@riff-raff.mit.edu>
From: Garry Zacheiss <zacheiss@MIT.EDU>
To: ops@MIT.EDU, release-team@MIT.EDU
CC: bobmah@MIT.EDU
In-reply-to: "[59813] in Ops_Projects"

       We have some more insight into what occurred last night now, as
well as a model that explains almost all of our observed data so far.

        Last August, as some of you probably remember, kolya discovered
several remote denial of service attacks against the AFS client, and we
patched them.  We distributed the new kernel module to all
ops-controlled servers, and did Athena patch releases as well for 9.0
platforms.   The bug was also fixed in OpenAFS.

	Last night, Jimmy Engelbrecht of Sweden's Royal Institute of
Technology ran a script he has written called "afscrawler" to gather
information for a paper to be presented at next week's USENIX
conference; the script ended up tickling the bug we had patched last
summer.

	8.4 Suns were never patched (or at least not fully, I think we
deployed an interim version of the module as an 8.4 patch release), but
9.0 Suns were.  Ops' 8.4 Suns were patched and rebooted, which is why
they didn't crash. This is why 8.4 Suns panicked last night but 9.0 and
9.1 Suns didn't.  All our 8.4 and 9.0 Linux machines are running patched
OpenAFS and as such were immune as well.

	SGIs are our interesting case.  The clients in the 9.0 and 9.1
SGI releases should be patched; today I built a new sgi_65 client from
the sources in the afsdev locker, installed it on whirlpool, and was
still able to crash the machine remotely (kolya has an exploit for
tickling this bug).  

	This leaves me slightly confused.  There seem to exist 3
possibilities:

1.) There is a second bug in the Irix client only tickled by the same
    sort of behavior that tickles the first bug.

2.) The Irix client is misinstalled somehow.  The patch release that
    installed the new Irix client didn't set NEWOS or NEWUNIX in its
    version script, so update-os didn't rebuild the kernel.  However,
    Bob tells me that the SGIs will automatically rebuild their kernel at
    boot time as necessary, and this seems to match my observations.  So
    I don't think this is the case.

3.) I've been stupid somewhere in my above analysis.

	 I plan to do some more investigation into figuring out what's
up with Irix.  I want to try building a modern OpenAFS and seeing if
that is immune to the problem.  If anyone else has some ideas on this,
let me know.  I expect we'll want to do a 9.0 patch release for Irix
only, and put new clients on the 8.4 packs for both Irix and Solaris and
tell people how to upgrade manually.

	 Since we more or less understand this now and don't expect it
to recur, I've removed the OLC motd about this, and will send mail to
cfyi and friends shortly.

Garry


