Igor Kovalenko <kovalenko@attbi.com> wrote:
“David Gibbs” <dagibbs@qnx.com> wrote in message
news:asj00c$98m$1@nntp.qnx.com…
Igor Kovalenko <> kovalenko@attbi.com> > wrote:
“David Gibbs” <dagibbs@qnx.com> wrote in message
news:asg4en$ei5$1@nntp.qnx.com…
Hi.
True, but that does not apply to messages. As long as you know pid and
channel id, you can send anything to anyone. And the channel id is not hard
to guess by brute force, it is just a small integer usually…
Yes, but the server can easily prevent a MsgSend() based DOS attack
by not replying to the messages. You call MsgReceive(), you don’t call
MsgReply/MsgError, and you’ve just held-off that attacker.
One can use short kernel timeouts to avoid blocking for extended periods and
easily flood the whole system with messages that way.
If the servers have requested unblock notification (which is default for
resource managers, and name_attach() channels), then this timeout is under
the control of the server, which can hold you off.
Are you suggesting that all shipped QNX resource managers do hold off DOS
attackers? That is the whole point of this discussion.
I am making no such generic point.
Somebody said anybody could flood a server with pulses. I said no, given
that the servers are resource managers they’re probably running as root,
therefore, you must be root to flood them with pulses, therefore not just
“anybody” can do it.
Then somebody said you could flood them with MsgSend() calls by quickly
timing them out before the server could respond.
I said that, no, the S/R/R architecture with UNBLOCK handling on the
server side inherently throttled this type of attack. Now, it doesn’t
remove this type of attack, you could hit the server with a message,
then unblock (which is a new pulse), then a new request…but the
inherent throttling is in that you can not send that new request
until the previous unblock is processed. From my understanding of
DOS attacks, this inherent throttling would make that particular
attack not be a DOS attack.
If I were to do a DOS attack on QNX, there are simpler ways. Try this for
starters - it will bring the system to its knees, root or not.
In fact, I said:
There are lots of ways.
Meaning, there are lots of ways to bring a QNX system to its knees.
So, I wasn’t generically denying that there are DOS attacks against
QNX. Just that those particular avenues aren’t.
A root process could spew pulses at a server, no problem. In fact,
I think it could send “UNBLOCK” pulses for random rcvids. (I don’t
think MsgSendPulse() makes sure the pulses with negative codes
aren’t sent.)
-David
QNX Training Services
http://www.qnx.com/support/training/
Please followup in this newsgroup if you have further questions.