Vulnerability

    AnswerBook2

Affected

    Sun AnswerBook2

Description

    Dave Monnier found the following. Sun AnswerBook2 ships with an HTTP server (dwhttpd, DynaWeb's httpd) that allows users to access Solaris documentation using a web browser. By default the server listens on port 8888. Under certain conditions Sun's Answerbook fails to delete temporary files that are built by its print function, filling /tmp and causing the system to fail because processes cannot fork.

    Briefly, the dwhttp print function builds Postscript files in /tmp and downloads them to the user's browser. It deletes the Postscript files after they are successfully sent to the browser. It fails to delete the Postscript files if the requesting TCP connection is broken before the files are completely built and sent to the browser.

    Undeleted files can be large, and they are more likely to be large than small. First, some printed documents are in excess of 50 MB. Second, users often abort print requests for large documents because the requests take a long time to fulfill and users believe that their requests have failed. Users often try again. Relatively few large requests are necessary to fill a reasonably sized /tmp directory.

    When /tmp fills, Solaris fails because /tmp is used for swap. If/when /tmp fills, swap space eventually also fills, preventing additional processes from being swapped. Eventually system memory will fill, causing a failure of process spawning altogether.

    So far as we know it is not possible to configure the Answerbook dwhttp server to use a directory other than /tmp for generating Postscript.

Solution

    No official fix. Non-malicious use of Answerbook can be prevented from crashing Solaris by a cron job that cleans Answerbook Postscript files from /tmp very frequently. A suitable frequency depends upon the size of /tmp, the amount of swapping activity on a system and demand for Answerbook. Answerbook Postscript files can be globbed using dweb*.ps.

    The only known safeguard against malicious attack is to shut down Answerbook.
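
One way to write the cron cleanup described under Solution, as an added example that is not part of the original advisory. The function name, the script path in the crontab comment, the 10-minute age threshold and the reliance on a find that supports -maxdepth and -mmin (for example GNU findutils) are assumptions.

```shell
#!/bin/sh
# Added example: prune orphaned AnswerBook2 print files (dweb*.ps) from /tmp.
# Assumptions (not from the advisory): find supports -maxdepth and -mmin
# (e.g. GNU findutils); the 10-minute default age is an arbitrary choice.
#
# Hypothetical crontab entry, every 5 minutes (explicit list for older crons):
#   0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/local/sbin/clean_dweb_ps.sh --run

# clean_dweb_ps [DIR] [MIN_AGE_MINUTES]
# Removes regular files named dweb*.ps directly inside DIR whose last
# modification is older than MIN_AGE_MINUTES; prints the number removed.
clean_dweb_ps() {
    dir=${1:-/tmp}
    min_age=${2:-10}

    # Refuse a non-numeric age so a typo cannot change what find matches.
    case $min_age in
        ''|*[!0-9]*) echo "clean_dweb_ps: bad age: $min_age" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "clean_dweb_ps: no such dir: $dir" >&2; return 2; }

    # -type f      only regular files: a symlink planted in world-writable
    #              /tmp under a matching name is neither followed nor removed
    # -maxdepth 1  stay in DIR itself, never descend into subdirectories
    # -mmin +N     leave files still being written for a print job in progress
    find "$dir" -maxdepth 1 -type f -name 'dweb*.ps' -mmin +"$min_age" \
        -exec rm -f -- {} \; -print | wc -l | tr -d ' '
}

# Run only when asked to, so the file can also be sourced for the function.
if [ "${1:-}" = "--run" ]; then
    clean_dweb_ps /tmp "${2:-10}"
fi
```

The age threshold trades reclaimed space against the risk of deleting a file that a slow but still active print request is using, so it should be tuned together with the cron frequency.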