-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Service manager fixes #16316
Service manager fixes #16316
Conversation
…reference it, and trust the service manager
@adfoster-r7 - i would venture those "additional issues" come from the circle of hell where we keep the handler/session logic (they made a new one, just for us - number 1337). |
Yeah, I think some of these issues are related to how modules think |
Okay, so looking more into this, it became apparent that this is an issue in a few other places.
The |
@msjenkins-r7 test this please. |
I recently mucked with how stops work, because some modules run multiple services, so i split them out. We might be looking at the unintended effects of that. @smashery, if you have a sec, could you possibly trace the stop calls in there and see whether its an early call from the module or something tripping in the actual lib piece? I didn't audit all consumers, so this may well be on me. |
@sempervictus I realise I've combined a few issues into this one PR here, which is muddying the waters a bit. I think what I've seen in general is just a bit of inconsistency in how different parts of the code interact with the service manager:
I think it's at a point where it's more consistent, and I can't see any issues (since fixing the one @adfoster-r7 raised). Are you suggesting, though, that you have some outstanding work that might conflict with these changes? |
@msjenkins-r7 test this please |
Ran through a few scenarios, and this does a great job of cleaning up things as expected now. I imagine there might be gremlins still, but after the feedback is applied I think this should be good to ship ⛵ |
Release NotesEnsures individual modules no longer accidentally shutdown joint services that are used across multiple modules/handlers etc, such as HTTP servers. Modules will now correctly unregister interest in the global service, and if there are no longer any interested modules in the running global service, it will be shut down correctly. |
This resolves several edge-case bugs in the service manager. I've grouped them together into one issue because the fixes are in some cases overlapping, and it seems better to test the entire feature at once given all the changes to it.
Bug 1: Communication channel not respected in service manager #16314
Bug 2: Socket leak: HTTP service not dereferenced #16315
Verify the following:
use exploit/multi/handler
set payload linux/x64/meterpreter_reverse_http
set lport 8080
set lhost 0.0.0.0
run -j
set luri abc
run -j
Bug 3: String key collision
The service manager attempts to find existing services based on a string-concatenated key of important properties (i.e. IP, port number). No delimiter was placed between the port and the host, so Port 123 on host 45.6.7.8 would be treated the same as port 1234 on host 5.6.7.8, and the service. I can't think of a situation that it's likely to happen (given that it actually needs to bind to that IP), but it's definitely a logic error. You can probably just verify this with a code review.
Bug 4: Modules don't use reference counting
The modules
exploit/multi/misc/java_rmi_server
andexploit/osx/browser/safari_file_policy
callstop
on the service directly, rather than respecting reference counting. As a result, any other services running at the same time as them on the same port will be killed by these modules.