[wildfly-dev] Shall we limit size of the deployment in WildFly?

Eduardo Sant´Ana da Silva eduardo.santanadasilva at gmail.com
Tue Nov 3 09:01:51 EST 2015 

Do we know if WF continues to work when e.g. the partition for
log files or other data is full?

>> You can try to down the server with a DOS like this:
http://sourceforge.net/p/jmdns/bugs/130/
As far as I know the server continue to run, but nothing else on the server
will be doing something useful since there is no space left.

This was what I report this year:

 I saw single files log with more than 2.5G of information on my standalone
log directory:

2015-07-20 06:53:46,024 SEVERE [javax.jmdns.impl.constants.DNSRecordType]
(SocketListener(45-55-77-19.local.)) Could not find reco
rd type for index: -1
2015-07-20 06:53:46,042 SEVERE [javax.jmdns.impl.DNSIncoming]
(SocketListener(45-55-77-19.local.)) Could not find record type: dns
[query,192.99.0.161:52050, length=184, id=0x5c78, flags=0x3030]
   0: 5c7830305c783030 5c7830305c783030 5c7830305c783031 5c7830305c783030
  \x00\x00 \x00\x00 \x00\x01 \x00\x00
  20: 5c7830305c783030 5c7830305c783030 5c7830395c783546 5c7837335c783635
  \x00\x00 \x00\x00 \x09\x5F \x73\x65
  40: 5c7837325c783736 5c7836395c783633 5c7836355c783733 5c7830375c783546
  \x72\x76 \x69\x63 \x65\x73 \x07\x5F
  60: 5c7836345c783645 5c7837335c783244 5c7837335c783634 5c7830345c783546
  \x64\x6E \x73\x2D \x73\x64 \x04\x5F
  80: 5c7837355c783634 5c7837305c783035 5c7836435c783646 5c7836335c783631
  \x75\x64 \x70\x05 \x6C\x6F \x63\x61
  a0: 5c7836435c783030 5c7830305c783043 5c7830305c783031
  \x6C\x00 \x00\x0C \x00\x01

2015-07-20 06:53:46,076 WARNING [javax.jmdns.impl.constants.DNSRecordClass]
(SocketListener(45-55-77-19.local.)) Could not find re
cord class for index: -1
2015-07-20 06:53:46,260 SEVERE
[javax.jmdns.impl.DNSIncoming$MessageInputStream]
(SocketListener(45-55-77-19.local.)) bad domain n
ame: possible circular name detected. Bad offset: 0xffffffff at 0xb6
2015-07-20 06:53:46,270 SEVERE [javax.jmdns.impl.constants.DNSRecordType]
(SocketListener(45-55-77-19.local.)) Could not find reco
rd type for index: -1
2015-07-20 06:53:46,296 SEVERE [javax.jmdns.impl.DNSIncoming]
(SocketListener(45-55-77-19.local.)) Could not find record type: dns
[query,192.99.0.161:52050, length=184, id=0x5c78, flags=0x3030, questions=1
questions:
[DNSQuestion at 2024648779 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN
index 0, name: 0\x00\x01\x00\x00\x00\x00\x00\x00\x
09\x5F\x73\x6.\x72\x76\x69\x63\x65\x73\x07\x5F\x64\x6E\x73\x2D\x73\.4\x04\x5F\x75\x64\x70\x05\x6C\x6F\x63\x61\x6C\x00\x00\.C\x00\x
01ϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿ.]]
question:      [DNSQuestion at 2024648779 type: TYPE_IGNORE index 0, class:
CLASS_UNKNOWN index 0, name: 0\x00\x01\x00\x00\x0
0\x00\x00\x00\x09\x5F\x73\x6.\x72\x76\x69\x63\x65\x73\x07\x5F\x64\x6E\x73\x2D\x73\.4\x04\x5F\x75\x64\x70\x05\x6C\x6F\x63\x61\x6C\x
00\x00\.C\x00\x01ϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿ.]
   0: 5c7830305c783030 5c7830305c783030 5c7830305c783031 5c7830305c783030
  \x00\x00 \x00\x00 \x00\x01 \x00\x00
  20: 5c7830305c783030 5c7830305c783030 5c7830395c783546 5c7837335c783635
  \x00\x00 \x00\x00 \x09\x5F \x73\x65
  40: 5c7837325c783736 5c7836395c783633 5c7836355c783733 5c7830375c783546
  \x72\x76 \x69\x63 \x65\x73 \x07\x5F
  60: 5c7836345c783645 5c7837335c783244 5c7837335c783634 5c7830345c783546
  \x64\x6E \x73\x2D \x73\x64 \x04\x5F
  80: 5c7837355c783634 5c7837305c783035 5c7836435c783646 5c7836335c783631
  \x75\x64 \x70\x05 \x6C\x6F \x63\x61
  a0: 5c7836435c783030 5c7830305c783043 5c7830305c783031
  \x6C\x00 \x00\x0C \x00\x01

Jason said me to use this:
In the CLI do:

/subsystem=logging/logger=javax.jmdns:add
/subsystem=logging/logger=javax.jmdns:write-attribute(name=level,value=OFF)

Or you can edit the XML and add:

 <logger category="javax.jmdns">
                <level name="OFF"/>
 </logger>

I think that maybe some kind of listener could be used to report on UI
administration the left space when it is too small. This could be very
useful, since there are a lot of masked problems that report a totally
different exception since porr try/catch statements that usually report
other unrelated message.

2015-11-03 11:30 GMT-02:00 Heiko W.Rupp <hrupp at redhat.com>:

> On 3 Nov 2015, at 14:19, David M. Lloyd wrote:
> > I'm pretty sure that if an attacker has permission to upload deployments
> > to the server, they already essentially have control over the server.
>
> Well, uploads can be remotely, so this can be seen as a DOS
> attack vector that does not necessarily require privileges
> for (physical) access like (remote) shell.
>
> And then I recall there being the zip bombs where a very small
> file would unzip to a huge one. This is probably nothing that
> could be caught by limiting the size of the upload.
>
> Do we know if WF continues to work when e.g. the partition for
> log files or other data is full?
>
>
> --
> Reg. Adresse: Red Hat GmbH, Technopark II, Haus C,
> Werner-von-Siemens-Ring 14, D-85630 Grasbrunn
> Handelsregister: Amtsgericht München HRB 153243
> Geschäftsführer: Charles Cachera, Michael Cunningham, Paul Hickey, Charlie
> Peters
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>



-- 
__________________________
Eduardo Sant'Ana da Silva - Dr.
Pesquisador / Consultor de TI
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20151103/c7c0a2a5/attachment-0001.html

More information about the wildfly-dev mailing list