Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 17274 - Deny-Of-Service-Attack: "FAMOpen failed, FAMErrno=0"
Summary: Deny-Of-Service-Attack: "FAMOpen failed, FAMErrno=0"
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] GNOME (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Gentoo Linux Gnome Desktop Team
URL: http://bugzilla.gnome.org/show_bug.cg...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-03-10 20:58 UTC by Mathias Hasselmann
Modified: 2003-03-11 16:56 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
A patch for the issue (gnome-vfs-2.2.1-DenyOfService.diff,1.29 KB, patch)
2003-03-10 20:59 UTC, Mathias Hasselmann
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mathias Hasselmann 2003-03-10 20:58:45 UTC
If gnome-vfs is compiled with FAM support but the file monitor isn't
launched on startup, something really nasty can happen: Your log files will
reach titanic dimensions within short time. Main content of those files:
"FAMOpen failed, FAMErrno=0".

This behaviour is disastrious in two ways: 

 1) Breaking FAM causes gnome-vfs clients like Nautilus to start a
marvilious deny of service attack, flooding the user's hard disk with
meaningless messages within short time.

 2) As meantioned already: The message is meaningless - causing the user to
tap in the dark, when trying to resolve the problem.

Attached you'll find a patch addressing both problems: The new error
message contains some words about what's going wrong and message generation
is throttled. I believe it's ok to throttle this message, since the message
doesn't address a specific, but a system error. 


Reproducible: Always
Steps to Reproduce:




The bug also is filed in GNOME's bugzilla:
http://bugzilla.gnome.org/show_bug.cgi?id=108063
Comment 1 Mathias Hasselmann 2003-03-10 20:59:41 UTC
Created attachment 9236 [details, diff]
A patch for the issue

Going to create a new ebuild file now.
Comment 2 foser (RETIRED) gentoo-dev 2003-03-11 08:06:21 UTC
hmm well afaik these messages only turned up like a few times with every app, maybe some more with nautilus. But i've never seen it causing .gnomerc-errors growing out of proportions (altough i did see other things do that).

But i think this message already got removed in gnome-vfs-2.2.2 and up, so this should pretty soon be history.
Comment 3 Mathias Hasselmann 2003-03-11 15:30:50 UTC
> But i think this message already got removed

In 2.2.2 teuf added an "#ifdef DEBUG". Suboptimal for Gentoo: Due Gentoo's don't-activate-init-scripts-on-install policy -- which is a good policy, IMHO -- you have no chance to realize something's wrong, without that message. Well, of course gnome-vfs's .ebuild produces a message informing you about the need to activate fam... Well... But who reads the zillions of messages generated by a three-day-Gentoo-installation-party?

Gave teuf a less bloated patch:
http://bugzilla.gnome.org/showattachment.cgi?attach_id=14929
There are some chances that he'll merge it.

> But i've never seen it causing .gnomerc-errors growing out
Trust me. It really were three GByte. My little sister's version still reached 800 MByte...
Comment 4 foser (RETIRED) gentoo-dev 2003-03-11 16:56:27 UTC
well, most people don't run gnome stuff from a term or even know about .gnomerc-errors , so leaving it there as a 'something's missing' messages doesn't do much i think and since the message is gone in the current gnome-vfs, the .gnomerc-error won't eat all diskspace anymore because of it.

But you do have a point about people not being aware that fam needs to be running,  we could put the warning message at the end of the gnome-meta ebuild and mention it in the installtion doc on the site somewhere. Sounds like a reasonable solution to you ?

Anyway, i know those messages right now are maybe a quick scroll-by in a large install but there are plans to log them for later review.