LuaController serializer abuse.

Open beyondlimits opened this issue 7 years ago • 9 comments

It is possible to extremely slow down the server by forcing the serializer to serialize a large fractal of nested tables, either in steps (my computer slows down after the 24th):

interrupt(1)
mem.x = {mem.x, mem.x}

or by bursting everything at once:

for x = 1, 30 do
  o = {o, o}
end
mem.x = o

beyondlimits avatar Jul 15 '18 22:07 beyondlimits

@beyondlimits That particular bug can and should be fixed, but the core problem is unfixable. See https://github.com/minetest-mods/mesecons/issues/380#issuecomment-339689832 for some details; Lua just doesn’t offer enough sandboxing features.

numberZero avatar Jul 17 '18 22:07 numberZero

Possible solution: run the serializer under timeout.

numberZero avatar Sep 07 '18 20:09 numberZero

not allowing nested tables would solve this most likely

edit: past me meant to say those t = {} t.t = t tables which i have no idea how to detect. not allowing nested tables (as in t = {} t.x = {} would be a super breaking change)

TheEt1234 avatar Mar 19 '24 13:03 TheEt1234
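
One way to reject such tables before they reach the serializer, as an added example that is not part of the thread or of mesecons: count the values a reference-expanding serializer would write, memoizing shared subtables so the check itself stays cheap, and flag self-referencing tables on the way. `BUDGET` and `expanded_size` are hypothetical names, and full expansion of shared references is an assumption about the serializer.

```lua
-- Added example, not mesecons code. Assumption: the serializer writes every
-- table reference out in full, so a shared subtable is duplicated in the output.
local BUDGET = 10000 -- hypothetical cap on serialized values per mem table

-- Returns the number of values such a serializer would emit for `root`,
-- or nil plus a reason ("cycle", "too large", or a Lua error message such
-- as a stack overflow on extremely deep nesting).
local function expanded_size(root, budget)
  local memo, on_path = {}, {}

  local function visit(v)
    if type(v) ~= "table" then return 1 end
    if on_path[v] then error("cycle", 0) end -- e.g. t = {} t.t = t
    local known = memo[v]
    if known then return known end           -- shared subtable: reuse its count
    on_path[v] = true
    local total = 1
    for k, child in pairs(v) do
      total = total + visit(k) + visit(child)
      -- memoized counts never exceed the budget, so this cannot overflow
      if total > budget then error("too large", 0) end
    end
    on_path[v] = nil
    memo[v] = total
    return total
  end

  local ok, result = pcall(visit, root)
  if ok then return result end
  return nil, result
end

-- Constructed inputs mirroring the cases discussed in this thread.
local o
for _ = 1, 30 do o = {o, o} end           -- only 30 distinct tables in memory
local t = {}; t.t = t                      -- self-referencing table
local plain = {x = {}, list = {1, 2, 3}}   -- ordinary nesting

print("fractal:", expanded_size(o, BUDGET))
print("cyclic: ", expanded_size(t, BUDGET))
print("plain:  ", expanded_size(plain, BUDGET))
```

The walk visits each distinct table once, so the 30-level fractal is rejected after a few dozen steps, while ordinary nesting such as `t = {} t.x = {}` still passes.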

actually, improvements in minetest's serializer mean this isn't so easy to exploit currently. the following code gets up to 200 and beyond without any noticeable slowdown:

if event.type == "program" or event.type == "interrupt" then
 if pin.a then
  mem.i = (mem.i or 0) + 1
  digiline_send("LCD", tostring(mem.i))
  local o = mem.o or {}
  mem.o = {o, o}
 end

 interrupt(1)
end

trying to double the size of a string instead of a table results in overheating after 16 iterations.

fluxionary avatar Mar 30 '24 22:03 fluxionary

oh cool, so it's basically fixed in the latest minetest version (?)

TheEt1234 avatar Mar 31 '24 13:03 TheEt1234

> oh cool, so it's basically fixed in the latest minetest version (?)

seems to be. possibly there's some way to exploit this, but everything i can think of leads to overheating before major problems.

fluxionary avatar Mar 31 '24 22:03 fluxionary

No, this is not fixed. It's still possible to create major lag spikes and a friend and I were even able to trigger an OOM server process kill on a 128GB RAM machine. (I won't share the code here for obvious reasons)

Niklp09 avatar Mar 31 '24 22:03 Niklp09

> not allowing nested tables would solve this most likely
>
> edit: past me meant to say those t = {} t.t = t tables which i have no idea how to detect. not allowing nested tables (as in t = {} t.x = {} would be a super breaking change)

How could this be fixed without it being a breaking change?

TheEt1234 avatar Apr 05 '24 18:04 TheEt1234

(ok i did not expect github to mention this across those issues.. why does it do that, well the above is somewhat unrelated to the issue)

TheEt1234 avatar Apr 05 '24 20:04 TheEt1234