[kgb-maintainers] Bug#776424: Bug#776424: can be crashed by some network traffic

Damyan Ivanov dmn at debian.org
Sun Feb 8 18:01:14 UTC 2015 

-=| Joey Hess, 27.01.2015 18:00:11 -0400 |=-
> Source: kgb-bot
> Version: 1.33-2
> Severity: important
> Tags: security
> 
> 2015.01.19 18:08:39: Listening on http://0.0.0.0:9999?session=KGB
> 2015.01.19 18:08:43: Connected to freenode (holmes.freenode.net)
> 2015.01.19 18:08:43: Joining #commits...
> 2015.01.19 18:08:43: Connected to oftc (graviton.oftc.net)
> 2015.01.19 18:08:43: Joining #ikiwiki #vcs-home #git-annex...
> Did not get DONE/CLOSE event for Wheel ID 73 from IP 222.186.34.155 at
> /usr/share/perl5/POE/Component/Server/SimpleHTTP.pm line 221.
> I had a problem posting to event Got_Request of session SOAPServer for
> DIR handler '.*'. As reported by Kernel: 'No such file or directory',
> perhaps the session name is spelled incorrectly for this handler? at
> /usr/share/perl5/POE/Session.pm line 483.

Tincho, can you have a look? I'm afraid POE internals are a mystery to 
me.

A way to reproduce the problem would certainly help too.

> This has happened to me twice now, and it takes the bot down.
> 
> root at elephant:/home/joey>systemctl  status kgb-bot.service 
> ● kgb-bot.service - LSB: Collaborative IRC helper
>    Loaded: loaded (/etc/init.d/kgb-bot)
>    Active: active (exited) since Mon 2015-01-19 14:08:39 JEST; 1 weeks 1 days ago
>   Process: 26584 ExecReload=/etc/init.d/kgb-bot reload (code=exited, status=0/SUCCESS)
> 
> Jan 26 03:57:27 elephant kgb-bot[26584]: Reloading Collaborative IRC helper: kgb-bot.
> 
> systemd thinks the service is running ok, but the daemon has in fact crashed or
> exited because of the event logged above. Both "service kbg-bot start" and
> "systemctl start kgb-bot" do nothing. I have to "service kgb-bot stop" to get
> out of this state. (It seems that this could stand to be improved, by eg,
> writing a systemd service file that doesn't let the daemon fork, so systemd
> can handle logging and know when the process has exited.)

This is easy to fix, as the bot has a --foreground parameter.

> Here's the log from the previous time it happened:
> 
> 2015.01.15 23:05:33: Connected to freenode (wolfe.freenode.net)
> 2015.01.15 23:05:33: Joining #commits...
> Did not get DONE/CLOSE event for Wheel ID 1089 from IP 222.186.34.155 at /usr/share/perl5/POE/Component/Server/SimpleHTTP.pm line 221.
> I had a problem posting to event Got_Request of session SOAPServer for DIR handler '.*'. As reported by Kernel: 'No such file or directory', perhaps the session name is spelled incorrectly for this handler? at /usr/share/perl5/POE/Session.pm line 483.
> 
> I don't know the IP 222.186.34.155. I assume it is trying to exploit my
> server with its DIR .*

"DIR .*" is a red herring here. The SOAP service registers a HTTP 
handler for all paths, expressed as ".*" (AIUI).

> Since this appears to be at least a DOS, I've tagged the bug as 
> a minor security issue.

Thanks.

Putting "debug: 1" in /etc/kgb-bot/kgb.conf will turn on debugging 
(and excessive logging). Perhaps that can give more clues the next 
time the crash happens.


-- dam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/kgb-maintainers/attachments/20150208/c80ebb7e/attachment.sig>

More information about the kgb-maintainers mailing list