[Pkg-utopia-maintainers] Bug#818362: dbus ignores the configured auth_timeout
Simon McVittie
smcv at debian.org
Wed Mar 16 14:52:19 UTC 2016
On Wed, 16 Mar 2016 at 14:11:12 +0100, Harald Dunkel wrote:
> dbus[191]: [system] Connection has not authenticated soon enough, closing it (auth_timeout=30000ms, elapsed: 30000ms)
That's the system bus (per machine, VM or container).
> Problem is: auth_timeout is configured as 240 secs:
>
> # grep -r auth_timeout /etc/dbus-1
> /etc/dbus-1/session.conf: <limit name="auth_timeout">240000</limit>
That's the session bus (per user login session), which is different.
> So I wonder where the 30secs come from?
It's the hard-coded default in dbus-daemon. The hard-coded defaults are
intended to be sensible, conservative values; the system bus mostly
doesn't override them, while the session bus (which is not a security
boundary on mainstream systems) overrides them to something really large.
> How can I increase the
> timeout to enable booting a handful of LXC containers in parallel?
Create /etc/dbus-1/system-local.conf containing:
<busconfig>
<limit name="auth_timeout">123456</limit>
</busconfig>
The value is in milliseconds, adjust as required.
How many LXC containers are you booting, on what hardware, and what
service is connecting to the system bus and getting rejected? It would be
better if you could avoid having to raise this limit too high. The limit
was added to resolve CVE-2014-3639, a denial of service vulnerability:
with a high or infinite authentication timeout, a uid (let's say alice) can
prevent another uid (let's say bob) from connecting to the system
bus, by opening enough connections to fill all the unauthenticated
connection slots (by default 64 connections) and not making any attempt to
authenticate themselves.
You might be able to mitigate this by increasing the
max_incomplete_connections limit. By default the system dbus-daemon will
support up to 64 incomplete (unauthenticated) connections, up to 256
authenticated connections per uid (max_connections_per_user), and up to
2048 authenticated connections in total (max_completed_connections).
In general we can't tell whose a connection is until it has authenticated,
but on Linux with the default system bus configuration we can, so in newer
upstream versions we might be able to mitigate this sort of thing by
making uid 0 immune to these limits. Would that solve this for you?
S
More information about the Pkg-utopia-maintainers
mailing list