[LUCID] We need "limit" Upstart-ed ssh respawning

Bug #533352 reported by Fumihito YOSHIDA on 2010-03-06
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Undecided
Unassigned

Bug Description

ssh is now handling by upstart native jobs(with /etc/init/ssh.conf configs), and "respawn" stanza. This is great works. But this behavior is not familiar for security paranoid.

Scenario:
  - sshd is enougth to berief, but this is not perfect. In future, if we have got vuln for exploiting sshd, that can "randomly" type atacks (e.g.: buffer overflow, it is exploitable with probabilistic atacks, like brute force.).
  - endless respawning is weaken for these "memory address brute force" atacks.

IMHO, when using "respawn" stanza, it needs something "limit" stanza (e.g.: respawn limit 60 30)
or any other way ( e.g.: MAC by AppArmor).

limitation by "limit" can mitigates(atack speed limitation) probabilistic atacks.
This limitation provides potential over-limit DoS, but unlimited respawning is dangerous.

# May be, we have to improvement upstart respawn stanza, like "respawn delay"
# feature...(see https://bugs.launchpad.net/upstart/+bug/252997)

....Yes, this wish is not only ssh services. But ssh is most popular + internet accessible services.
In general cases, administrator use "ufw limit ssh" settings. Its not hazardous.

Fumihito YOSHIDA (hito) on 2010-03-06
visibility: private → public
Fumihito YOSHIDA (hito) on 2010-03-06
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:5.3p1-3ubuntu2

---------------
openssh (1:5.3p1-3ubuntu2) lucid; urgency=low

  * Always set child processes' OOM adjustment to 0, since Upstart will have
    set sshd's OOM adjustment on startup and so simply restoring the startup
    value won't work (LP: #293000). Thanks to Karsten Suehring for
    analysis.
  * Limit automatic respawning to 10 times in 5 seconds (thanks to Fumihito
    YOSHIDA for the suggestion; LP: #533352).
 -- Colin Watson <email address hidden> Sat, 06 Mar 2010 22:00:19 +0000

Changed in openssh (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers