Wednesday, April 8, 2009
3:45 AM

DoS in Linux Server with Boinc

For kernels earlier than 2.6.29 tasks with SCHED_IDLEPRIO creating children such as boinc can freeze the entire system. The bug seems to be in the Linux scheduler: a process with idle priority can block the entire system (with *really* bad latency). It seems to me that if you use ionice, that will make it almost impossible for other tasks to do io (e.g. access the hard drive).

The workaround for boinc is not to use schedtool's SCHED_IDLEPRIO:
Edit /etc/default/boinc-client and set to SCHEDULE="0". E.g.
echo SCHEDULE="0"|sudo tee /etc/default/boinc-client

You can also deinstall schedtool and ionice for now, though that won't fix the security issue. Affected Systems include Ubuntu Server 8.04 with all updates. But many other systems are likely affected if the fix has not yet been backported (fixed in 2.6.29).

0 comments:

Post a Comment