polkitd stuck in poll()
Petr Mrazek
peterix at gmail.com
Sat May 15 08:03:16 PDT 2010
Hello again,
I've done a bit of testing and got some backtraces (still fighting with my distro and strip getting in the way, but whatever).
I have a client 'kauthDoS' that uses polkit_authority_check_authorization_sync through several layers of other libraries.
At random, both the client and polkitd stop responding, stuck waiting on poll() inside dbus. Basically, it's a denial of service attack on polkitd.
I think it should be possible to repeat without the extra polkit-qt and KAuth layers.
The stuck client backtrace:
#0 0x00007ffff65aa188 in poll () from /lib/libc.so.6
#1 0x00007ffff2bf81c0 in socket_do_iteration () from /usr/lib/libdbus-1.so.3
#2 0x00007ffff2bf661d in _dbus_transport_do_iteration () from /usr/lib/libdbus-1.so.3
#3 0x00007ffff2be2b0e in _dbus_connection_do_iteration_unlocked () from /usr/lib/libdbus-1.so.3
#4 0x00007ffff2be4e50 in _dbus_connection_block_pending_call () from /usr/lib/libdbus-1.so.3
#5 0x00007ffff325f766 in egg_dbus_connection_pending_call_block (connection=0x6add50, pending_call_id=74401) at eggdbusconnection.c:2521
#6 0x00007ffff39926ad in polkit_authority_check_authorization_sync () from /usr/lib/libpolkit-gobject-1.so.0
#7 0x00007ffff3bb9324 in PolkitQt1::Authority::checkAuthorizationSync(QString const&, PolkitQt1::Subject*, QFlags<PolkitQt1::Authority::AuthorizationFlag>) () from /home/kde-devel/kde/lib/libpolkit-qt-core-1.so.0
#8 0x00007ffff3dca72e in KAuth::Polkit1Backend::actionStatus (this=<value optimized out>, action=...) at /home/kde-devel/kde/src/KDE/kdelibs/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp:87
#9 0x000000000040162e in main (argc=1, argv=<value optimized out>) at /home/kde-devel/kde/src/KDE/kdelibs/kdecore/auth/kauthDoS.cpp:40
The stuck polkitd backtrace:
#0 0x00007ffff71ca188 in poll () from /lib/libc.so.6
#1 0x00007ffff5b361c0 in socket_do_iteration () from /usr/lib/libdbus-1.so.3
#2 0x00007ffff5b3461d in _dbus_transport_do_iteration () from /usr/lib/libdbus-1.so.3
#3 0x00007ffff5b20b0e in _dbus_connection_do_iteration_unlocked () from /usr/lib/libdbus-1.so.3
#4 0x00007ffff5b22f63 in _dbus_connection_block_pending_call () from /usr/lib/libdbus-1.so.3
#5 0x00007ffff6cb4766 in egg_dbus_connection_pending_call_block (connection=0x61a990, pending_call_id=196205) at eggdbusconnection.c:2521
#6 0x00007ffff6cb3f6c in egg_dbus_connection_send_message_with_reply_sync (connection=0x61a990, call_flags=EGG_DBUS_CALL_FLAGS_NONE, message=0x26ac0c10, error_types=0x0, cancellable=0x0, error=0x7fffffffe6d8) at eggdbusconnection.c:2302
#7 0x00007ffff6cab7af in egg_dbus_bus_get_connection_unix_user_sync (instance=0x620450, call_flags=EGG_DBUS_CALL_FLAGS_NONE, _name=0x26acb1c0 ":1.866", _out_uid=0x7fffffffe59c, cancellable=0x0, error=0x7fffffffe6d8) at eggdbusbus.c:3139
#8 0x00007ffff7bc1238 in polkit_backend_session_monitor_get_user_for_subject () from /usr/lib/libpolkit-backend-1.so.0
#9 0x00007ffff7bbcc1a in polkit_backend_interactive_authority_check_authorization () from /usr/lib/libpolkit-backend-1.so.0
#10 0x00007ffff7bb9ef2 in authority_handle_check_authorization () from /usr/lib/libpolkit-backend-1.so.0
#11 0x00007ffff7bca979 in handle_message () from /usr/lib/libpolkit-backend-1.so.0
#12 0x00007ffff6cb3d0c in filter_function_handle_method_call (dconnection=0x60da00, dmessage=0x26acb0d0, user_data=0x61a990) at eggdbusconnection.c:2213
#13 0x00007ffff6cb0a2a in filter_function (dconnection=0x60da00, message=0x26acb0d0, user_data=0x61a990) at eggdbusconnection.c:294
#14 0x00007ffff5b22936 in dbus_connection_dispatch () from /usr/lib/libdbus-1.so.3
#15 0x00007ffff5d5a975 in message_queue_dispatch () from /usr/lib/libdbus-glib-1.so.2
#16 0x00007ffff76b3b33 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#17 0x00007ffff76b4310 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#18 0x00007ffff76b4982 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#19 0x0000000000400a12 in main ()