Denial Of Service attack on HTTP server
Rob Landley
rob at landley.net
Sun Mar 7 17:21:25 UTC 2010
On Sunday 07 March 2010 08:45:36 Ajith Adapa wrote:
> So for 1.2 version of httpd.c file it seems I got only 2 choices to
> solve my problem
>
> 1. Create a signal handler function for SIGCHLD signal and decrement
> the value for cur_clients variable and take care of not creating any
> zombies accidentally. This solution is at present working like a charm
> and no zombies created until now ...

Go with 1. You have a working solution, life is good. We're not interested in
taking that solution upstream because you're forking a codebase from 2006.

That said, I am kind of curious what prevents the current httpd from
forkbombing the system if exposed to a ddos attack. (Or simply a mention from
Neil Gaiman's twitter account, which accomplishes the same thing.)

A quick glance at the code showed me 2400 lines of #ifdef salad (including
some #if 0) blocks, and I can't read much more without getting distracted into
trying to _fix_ it, which is not how I want to spend today... (I still owe you
a kernel zlib rewrite, currently item #8 on my todo list...)

Rob
--
Latency is more important than throughput. It's that simple. - Linus Torvalds