Hemiptera Bugtracker at bugs.linux-forks.de

advtrains

Rework interrupt system in luaatc, Fork bombs easily buildable

Send replies to 134@bugs.linux-forks.de or using the Form below.
avatar From: OP
Sat, 30 Nov 2019 00:40:02 -0000

Through chaining of interrupts, it is easy to flood the server with

interrupts. For instance, in trap city, interrupts piled up on an info

system, since each interrupt launched a new one. This should be

mitigated by adding a kind of interrupt that makes sure it is the only

interrupt of its kind.

Also, this is a security risk that is trivially exploitable: just have a

luaatc component launch two interrupts on itself, which should quickly

grind the server to a halt.

avatar From: Developer
Fri, 25 Dec 2020 17:50:01 -0000

A safe alternative is the schedule() call provided by advtrains_lines.

It currently only allows a single interrupt to be issued.

Quick poll: It would be reasonable to also restrict interrupt() to one

interrupt at a time. If there is any setup that would break when

implementing this, please answer.

avatar From: OP
Fri, 25 Dec 2020 18:10:02 -0000

134@bugs.linux-forks.de writes:

> Quick poll: It would be reasonable to also restrict interrupt() to one

> interrupt at a time. If there is any setup that would break when

> implementing this, please answer.

Probably a cancel_interrupts() call would be better for dead-end code

branches, or also safe_interrupt() which only runs if there is no other

interrupt at the position.

avatar From: Developer
Sat, 20 Feb 2021 09:06:02 -0000

Implemented as per proposal as interrupt_safe() and cancel_interrupts().

Closing.

avatar Status Update
Sat, 20 Feb 2021 09:12:01 -0000
This bug was closed.
Reply