Next: Conclusions Up: Implementation Previous: Attaining low ports with Contents

Auto-looping

Consider the following case:

#!/usr/bin/perl
use ProtoWrap;

my $wrap = ProtoWrap->new('standalone' => 1,
			  'listenPort' => 3000,
			  'destType'   => 'ip',
			  'destAddr'   => '127.0.0.1',
			  'destPort'   => 3000
			  );
die 'Can\'t start SMTP wrapper' if (not defined $wrap);
$wrap->startServer() or warn "Can't start wrapper";

exit 0;

We have here a wrapper that will connect to itself. Any user could launch it, because it binds to a high port. Nothing unusual would happen right away, but as soon as the first packet for that port arrives, a cascade of fork() system calls will fall down on the system, effectively making it unusable after just a couple of seconds.

The author, however, decided not to prevent users from doing this -- it would require huge amounts of code, slowing down normal execution, and it could always be circumvented by altering little bits of this sample invocation. Users to local access to a computer can very easily create DoS conditions without resorting to ProtoWrap -- Consider any of the following examples:

while (1) { fork(); } would very quickly fill up the process table, forcing the administrator to shut down the computer, or take very tedious steps to kill hundreds of useless processes.
$a = ' '; while (1) { $a .= $a; } fills up all the available memory --physical and swap-- and must, once again, be killed by the administrator, if he can get enough memory to even get a shell!
while (1) {} does not make the computer not usable - and maybe this makes it the most dangerous of the examples here presented. This idle loop is very processor-intensive, and slows down the computer significantly. However, the system continues to operate, and most administrators will consider this as usual, correct behavior! Although some Unix schedulers will notice the process is a CPU hog and will lower its priority in the ready queue, it will continue slowing down the system, consuming very important resources.

They are all much simpler to implement than the first one, much more effective and harder to notice.

Next: Conclusions Up: Implementation Previous: Attaining low ports with Contents

Gunnar Wolf
2001-03-12