hardy: openssh-server oom_adj can lead to denial of service
Bug #293000 reported by Karsten Suehring
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openssh (Debian) | Fix Released | Unknown | | |
openssh (Ubuntu) | Fix Released | Undecided | Unassigned | |
Hardy | Won't Fix | Medium | Unassigned | |
Bug Description
Binary package hint: openssh-server
The ssh init script sets the /proc/$PID/oom_adj value to -17 to avoid being killed by the OOM killer in low memory situations. Unfortunately all child processes of sshd inherit this setting.
So any user with ssh access can easily launch a process which accumulates memory without being killed by the kernel until the system gets to an out-of-memory kernel panic. This will lead to a denial of service.
The bug is already reported in the Debian bug tracker under the following location:
http://
The fix is included in openssh/1:4.7p1-11. Please update Hardy to this package version.
Changed in openssh (Ubuntu):
status: Incomplete → Triaged
tags: added: lucid regression-release; removed: regression-potential
Changed in openssh (Ubuntu Hardy):
status: New → Confirmed
importance: Undecided → Medium
tags: added: hardy
affects: debian → openssh (Debian)
As a workaround, I would suggest setting SSHD_OOM_ADJUST to 0 in /etc/default/ssh. This allows the killing of ssh and child processes by the OOM killer again.
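To check whether a host is affected by the inheritance described in the report, the following added example (not part of the original bug thread or of the openssh package) lists non-sshd processes below sshd that still carry oom_adj -17. The function names and the optional proc-root argument are assumptions made for this example, and it assumes the kernel exposes /proc/<pid>/oom_adj as named in the report.

```shell
# Added example; function names are hypothetical, not from the openssh package.
# Assumption: the kernel exposes /proc/<pid>/oom_adj, the file named in the report.

# field <proc_root> <pid> <key>: print one value from <proc_root>/<pid>/status
field() {
    awk -v k="$3:" '$1 == k { print $2; exit }' "$1/$2/status" 2>/dev/null || true
}

# under_sshd <proc_root> <pid>: succeed if any ancestor of <pid> is named sshd
under_sshd() {
    p=$(field "$1" "$2" PPid)
    while [ -n "$p" ] && [ "$p" -ge 1 ]; do
        if [ "$(field "$1" "$p" Name)" = "sshd" ]; then
            return 0
        fi
        p=$(field "$1" "$p" PPid)
    done
    return 1
}

# oom_exempt_children [proc_root]: print "pid name" for every non-sshd process
# below sshd whose oom_adj is still -17, i.e. exempt from the OOM killer
oom_exempt_children() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        [ -r "$d/oom_adj" ] || continue
        [ "$(cat "$d/oom_adj" 2>/dev/null)" = "-17" ] || continue
        pid=${d##*/}
        name=$(field "$root" "$pid" Name)
        # sshd itself is meant to be exempt; only its descendants are findings
        [ "$name" = "sshd" ] && continue
        if under_sshd "$root" "$pid"; then
            echo "$pid $name"
        fi
    done
    return 0
}
```

Calling `oom_exempt_children` with no argument scans the live /proc; an empty result means no session process has inherited the exemption.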