[Rack] Rewrite of opengate-www script

Jacob Appelbaum jacob at appelbaum.net
Sun Dec 5 08:58:31 UTC 2010


On 12/05/2010 12:47 AM, Benny Baumann wrote:
> Hi,
> 
> there has been some timing issue / racing condition inside the
> opengate-www script which could be used to buzz the gate multiple times
> inside the 30 seconds window. The problem was caused by the command
> "sleep" beeing issued last in the script, thus opening a window of
> approx. 5-10 seconds for multiple buzzing the gate while another
> instance was still processing. Since the load caused by buzzing the gate
> could be used to slow down the SSH processing and other script
> activities this could be used for a DoS attack on the gate.
> 
> I rewrote the script opengate-www from scratch moving the offending
> sleep command to the FIRST operations of the script. This does not fully
> eliminate the racing condition (which would require an atomar operation
> of starting the sleep and asking for different instances), but reduces
> hitting this racing condition to an absolute minimum.
> 

Can't you just use a lock file and get rid of the race condition entirely?

All the best,
Jacob



More information about the Rack mailing list