Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: avoid remsh node name overflow atom table #9387

Merged
merged 1 commit into from Nov 17, 2022
Merged

chore: avoid remsh node name overflow atom table #9387

merged 1 commit into from Nov 17, 2022

Conversation

lafirest
Copy link
Member

@lafirest lafirest commented Nov 17, 2022
edited

The remsh node name is generated to be unique, this may cause atom leakage, so we need to change the generation rule to limit the total of these names

PR Checklist

Please convert it to a draft if any of the following conditions are not met. Reviewers may skip over until all the items are checked:

  • Added tests for the changes
  • Changed lines covered in coverage report
  • Change log has been added to changes/ dir
  • For EMQX 4.x: appup files updated (execute scripts/update-appup.sh emqx)
  • For internal contributor: there is a jira ticket to track this change
    EMQX-8221
  • If there should be document changes, a PR to emqx-docs.git is sent, or a jira ticket is created to follow up
  • In case of non-backward compatible changes, reviewer should check this item as a write-off, and add details in Backward Compatibility section

Backward Compatibility

More information

@lafirest
chore: make remsh node name away from the atom DOS attack
c430218 
The remsh node name is generated to be unique, this may cause atom leakage, so we need to change the generation rule to limit the total of these names
@lafirest lafirest marked this pull request as ready for review November 17, 2022 09:55
@lafirest lafirest requested a review from a team November 17, 2022 09:56
@lafirest lafirest merged commit 4dd34d1 into emqx:master Nov 17, 2022
@lafirest lafirest deleted the fix/ctl_atom_leak branch November 17, 2022 11:17
@zmstone zmstone changed the title chore: make remsh node name away from the atom DOS attack chore: avoid remsh node name overflow atom table Nov 17, 2022
@zmstone
Copy link
Member

zmstone commented Nov 17, 2022

Just to be clear, this is NOT any attack.
If an attacker gained access to run emqx shell commands, atom table overflow is perhaps the least to care about.

@lafirest lafirest mentioned this pull request Nov 18, 2022
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ieQu1 ieQu1 ieQu1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@lafirest @zmstone @ieQu1