Re: [security] Big problem on 2.0.x? (fwd)

Dan Yocum (yocum@fnal.gov)
Wed, 15 Dec 1999 17:21:57 -0600


> > >o Very occasional NFS crashes with "evil packet..."
> >
> > Hmm "evil packet" is a bit too generic in order to fix this ;)).
>
> I can only agree. But the mail with the bug-report wasn't very exact.

Sort of OT, but related: many times under the 2.0.36 kernel I've seen at least
2 distinct NFS problems. I'd love to have an answer since about 300-400 of
our machines are running 2.0.36 kernels (not all are NFS servers, though :).

In the first one everything seems to be happy on the server:

[root@thpc16 /root]# ps aux | grep rpc
root 314 0.0 0.1 1156 64 ? S Dec 3 0:00 rpc.mountd
root 330 0.0 0.1 1152 76 ? S Dec 3 0:00 rpc.nfsd
root 19077 0.0 0.5 836 348 p9 S 16:37 0:00 grep rpc

But, attempting to mount from a client fails with timeouts and
/var/log/messages gets filled up with this:

Warning: possible SYN flood from 131.225.55.9 on 131.225.55.98:635. Sending cookies.

Attempting to stop the errant processes yields:

[root@thpc16 /root]# /etc/rc.d/init.d/nfs stop
Shutting down NFS services: rpc.mountd kill: (314) - No such pid
rpc.nfsd kill: (330) - No such pid

But, hey, I see PIDs 314 and 330 in the above 'ps' so what's the scoop?

Restarting nfs clears the air.

The second NFS problem is that the rpc.mountd will inexplicably stop, dead.
I've run an strace for a few days to see what I get. Here are the last few
lines, but nothing obvious (at least to me):

sendto(1, "9\27S\361\0\0\0\0\0\0\0\2\0\1\206"..., 96, 0, {sin_family=AF_INET, sin_port=htons(723), sin_addr=inet_addr("131.225.10.38")}, 16) = 96
select(256, [1], NULL, NULL, {5, 0}) = 1 (in [1], left {4, 990000})
recvfrom(1, "9\27S\361\0\0\0\1\0\0\0\0\0\0\0\0"..., 8800, 0, {sin_family=AF_INET, sin_port=htons(32774), sin_addr=inet_addr("131.225.10.38")}, [16]) = 64
close(1) = 0
--- SIGSEGV (Segmentation fault) ---

If you want/need more, I can send it.

Cheers,
Dan

___________________________________________________________________________
Dan Yocum | Phone: (630) 840-8525
Linux Research and Development | Fax: (630) 840-6345
Computing Division, OSS Dept. | email: yocum@fnal.gov
Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/
P.O. Box 500 |
Batavia, IL 60510 | "TANSTAAFL"
________________________________|__________________________________________
