New: Divide by zero (/proc/sys/net/ipv4/neigh/DEV/base_reachable_time)

New: Divide by zero (/proc/sys/net/ipv4/neigh/DEV/base_reachable_time)

Post by Martin J. Blig » Sat, 01 Mar 2003 19:40:15



http://bugme.osdl.org/show_bug.cgi?id=420

           Summary: Divide by zero
                    (/proc/sys/net/ipv4/neigh/DEV/base_reachable_time)
    Kernel Version: 2.4.20, 2.5.63
            Status: NEW
          Severity: normal


Distribution:Debian GNU/Linux 3.0, Vine Linux 2.6
Hardware Environment:
Software Environment:
Problem Description:
  Divide by zero (/proc/sys/net/ipv4/neigh/DEV/base_reachable_time)
Steps to reproduce:
  I found the problem of neigh_rand_reach_time() in net/core/neighbour.c.
  This function called by neigh_periodic_timer() each 300 seconds,
  and argument of neigh_periodic_timer() is p->base_reachable_time.
  base_reachable_time can set to 0 by below sequence.

    echo 0 > /proc/sys/net/ipv4/neigh/DEV/base_reachable_time

  But neigh_rand_reach_time() divide by its argument.

    unsigned long neigh_rand_reach_time(unsigned long base)
    {
        return (net_random() % base) + (base>>1);
    }

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

New: Divide by zero (/proc/sys/net/ipv4/neigh/DEV/base_reachable_time)

Post by Andi Klee » Sat, 01 Mar 2003 20:40:09



Quote:

>     echo 0 > /proc/sys/net/ipv4/neigh/DEV/base_reachable_time

>   But neigh_rand_reach_time() divide by its argument.

>     unsigned long neigh_rand_reach_time(unsigned long base)
>     {
>    return (net_random() % base) + (base>>1);
>     }

Don't do that then. The sysctl is root-only. There are lots of ways to
break the system by writing bogus values into root only configuration
options. That is why they are root only

I would close the report as WONTFIX.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

New: Divide by zero (/proc/sys/net/ipv4/neigh/DEV/base_reachable_time)

Post by Abramo Bagnar » Sun, 02 Mar 2003 00:30:22




> >     echo 0 > /proc/sys/net/ipv4/neigh/DEV/base_reachable_time

> >   But neigh_rand_reach_time() divide by its argument.

> >     unsigned long neigh_rand_reach_time(unsigned long base)
> >     {
> >       return (net_random() % base) + (base>>1);
> >     }

> Don't do that then. The sysctl is root-only. There are lots of ways to
> break the system by writing bogus values into root only configuration
> options. That is why they are root only

> I would close the report as WONTFIX.

Don't this argument bring to the weird equality:

root user == infallible guy

IMHO the "if you make a typo you crash the machine" should be avoided
(at least when feasible without drawbacks).

--

Opera Unica                          Phone: +39.546.656023
Via Emilia Interna, 140
48014 Castel Bolognese (RA) - Italy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

New: Divide by zero (/proc/sys/net/ipv4/neigh/DEV/base_reachable_time)

Post by Randy.Dunla » Sun, 02 Mar 2003 00:40:15


On Fri, 28 Feb 2003 23:23:33 +0100

| >

| > >
| > >     echo 0 > /proc/sys/net/ipv4/neigh/DEV/base_reachable_time
| > >
| > >   But neigh_rand_reach_time() divide by its argument.
| > >
| > >     unsigned long neigh_rand_reach_time(unsigned long base)
| > >     {
| > >       return (net_random() % base) + (base>>1);
| > >     }
| >
| > Don't do that then. The sysctl is root-only. There are lots of ways to
| > break the system by writing bogus values into root only configuration
| > options. That is why they are root only
| >
| > I would close the report as WONTFIX.
|
| Don't this argument bring to the weird equality:
|
| root user == infallible guy
|
| IMHO the "if you make a typo you crash the machine" should be avoided
| (at least when feasible without drawbacks).

I agree with that.
It's worth making a patch and letting the maintainer reject it.

Of course, there are still plenty of other ways to write to /proc and kill
the system.

--
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

New: Divide by zero (/proc/sys/net/ipv4/neigh/DEV/base_reachable_time)

Post by Robert Lov » Sun, 02 Mar 2003 00:40:21



> I agree with that.

I agree with that, too.

It is easy, too, because the sysctl mechanism has a built-in bounds
checking function.

For the seventh parameter (the parsing mechanism) you can specify
something like proc_dointvec_minmax and then the last parameters can be
&one and NULL.  This forces the minimum value to be one.

So its trivial and built-in.  While root should be able to wreck the
system, he should at least have a chance in hell of knowing he is doing
so.  Zero may seem to be a legitimate value here...

        Robert Love

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

1. ipv4: move proc stuff from net/ipv4/af_inet.c to net/ipv4/proc.c


   Date: Tue, 29 Oct 2002 11:42:07 -0200 (BRDT)

        Please consider pulling from:

   kernel.bkbits.net:/home/acme/net-2.5

Pulled, thanks.

I just did a push to Linus, so this will go show up in the next round.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

2. A sound server for sabre flight simulator

3. What's the equivalent of /proc/sys/net/ipv4/ip_always_defrag in v2.3?

4. Sony SDT-7000 DDS2 problem

5. echo 0 > /proc/sys/net/ipv4/tcp_timestamps per [session, reboot, connection]?

6. FTape on 1.1.45

7. WHAT IS /proc/sys/net/ipv4/ipfrag_low_thresh

8. IDE memory leak in 2.5.40

9. /proc/sys/net/ipv4/ip_always_defrag: No such file or directory

10. Oddity with /proc/sys/net/ipv4/conf/all

11. /proc/sys/net/ipv4/ip_forward problem

12. connect() timeout decreased with /proc/sys/net/ipv4/* ?

13. /proc/sys/net/ipv4/ip_forward being turned off