Bugzilla – Bug 145173
xscreensaver: fix and re-enable glslideshow
Last modified: 2007-04-20 18:07:43 UTC
Run xscreensaver-demo, select the glslideshow saver, in the Advanced tab enable random image and select a directory with some (and decrease time for new image in Settings to minimum). Now wait a moment for a couple of images to change and watch pstree: glslideshow has 1 zombie of xscreensaver-getimage for each image. This way the process table could quickly fill up and effectively DoS the machine.
Can you reproduce it in version 4.23? I don't have an accelerated card in beta3 to test it. It is disabled by default, so decreasing to normal. If this causes problems, we can remove this module altogether.
Yes, it's reproducible with 4.23. No, you don't need GL support to test it. And it's critical, as it's creating a DoS - you can't log back into the machine as the kernel won't allow new processes to be started and you need to reset.
glslideshow removed. Mail was sent to author (JWZ). We can re-test the module later and re-enable it.
From: Jamie Zawinski To: Stanislav Brabec Subject: Re: xscreensaver: zombie DoS from glslideshow Date: Sun, 19 Mar 2006 17:38:06 -0800 I think this should fix it -- let me know? RCS file: /cvsroot/xscreensaver/utils/grabclient.c,v retrieving revision 1.17 diff -u -r1.17 grabclient.c --- grabclient.c 1 Mar 2006 11:35:52 -0000 1.17 +++ grabclient.c 20 Mar 2006 01:35:43 -0000 @@ -302,6 +302,7 @@ FILE *read_pipe; FILE *write_pipe; XtInputId pipe_id; + pid_t pid; } grabclient_data; @@ -350,7 +351,8 @@ (XtPointer) (XtInputReadMask | XtInputExceptMask), finalize_cb, (XtPointer) data); - switch ((int) (forked = fork ())) + forked = fork (); + switch ((int) forked) { case -1: sprintf (buf, "%s: couldn't fork", progname); @@ -379,6 +381,7 @@ default: /* parent */ fclose (data->write_pipe); data->write_pipe = 0; + data->pid = forked; break; } } @@ -405,6 +408,14 @@ if (name) free (name); fclose (data->read_pipe); + + if (data->pid) /* reap zombies */ + { + int status; + waitpid (data->pid, &status, 0); + data->pid = 0; + } + memset (data, 0, sizeof (*data)); free (data); } -- Jamie Zawinski ... From: Stanislav Brabec To: Jamie Zawinski Subject: Re: xscreensaver: zombie DoS from glslideshow Date: Tue, 21 Mar 2006 17:27:09 +0100 Jamie Zawinski writes: > I think this should fix it -- let me know? The patch looks somehow mangled, but after backporting it to 4.23 (attached) it seems not to fix this problem. --- grabclient.c +++ grabclient.c @@ -303,6 +303,7 @@ FILE *read_pipe; FILE *write_pipe; XtInputId pipe_id; + pid_t pid; } grabclient_data; @@ -350,7 +351,8 @@ (XtPointer) (XtInputReadMask | XtInputExceptMask), finalize_cb, (XtPointer) data); - switch ((int) (forked = fork ())) + forked = fork (); + switch ((int) forked) { case -1: sprintf (buf, "%s: couldn't fork", progname); @@ -361,6 +363,7 @@ fclose (data->read_pipe); data->read_pipe = 0; + data->pid = forked; /* clone the write pipe onto stdout so that it gets closed when the fork exits. This will shut down the pipe and 
@@ -405,6 +408,14 @@ if (name) free (name); fclose (data->read_pipe); + + if (data->pid) /* reap zombies */ + { + int status; + waitpid (data->pid, &status, 0); + data->pid = 0; + } + memset (data, 0, sizeof (*data)); free (data); }
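Review bot: In the backported patch, the `@@ -361,6 +363,7 @@` hunk places `data->pid = forked;` right after `fclose (data->read_pipe); data->read_pipe = 0;` and just before the "clone the write pipe onto stdout" comment, which reads as the child side of the fork, whereas the original patch makes the assignment under `default: /* parent */` after `fclose (data->write_pipe)`. In the child `forked` is 0, and as far as these hunks show nothing else sets the field in the parent, so the `if (data->pid)` guard in the last hunk stays false and `waitpid` is never reached. Suggest moving the assignment into the parent branch, matching the original hunk at `@@ -379,6 +381,7 @@`.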
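Review bot: The reap block in the `@@ -405,6 +408,14 @@` hunk (same in the original and the backport) calls `waitpid (data->pid, &status, 0)` with no options and ignores the return value, so the caller blocks until the helper exits, and a failed or interrupted wait goes unnoticed and leaves the zombie in place. Suggest checking the result, retrying on EINTR, and reporting any other failure. The `if (data->pid)` guard also assumes the struct was zero-initialized at allocation, which these hunks do not show; worth confirming or setting `pid` to 0 explicitly where the other fields are initialized. Minor: `data->pid = 0;` is redundant given the `memset (data, 0, sizeof (*data));` that follows, and `status` is never read.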
Is glslideshow coming back? It is not in my up2dated 10.1. Brian
No. Patch from Jamie Zawinski did not fix the zombie DoS.
Fixed in xscreensaver-5.01 (even the reporter can't reproduce it any more).