[Chicken-users] [SECURITY] Buffer overrun vulnerability in Chicken's scheduler

[Peter Bex]

Hello Chicken users,

Recently a buffer overrun error was discovered in Chicken's thread
scheduler.  This buffer overrun is triggered on UNIX-like OSes when a
file descriptor with an integer value higher than FD_SETSIZE gets
opened due to the way the POSIX select() function is currently being
used.

Every Chicken program which accepts a potentially unlimited number of
incoming network connections or otherwise opens an unlimited number of
file descriptors is potentially vulnerable to an application crash.

Currently a patch is being developed.  In the meanwhile an effective
workaround is to limit the maximum number of open descriptors using
the Unix "ulimit -n" command.

Please verify the maximum number of descriptors supported safely by
Chicken by compiling following one-line program using csc and then
running the resulting binary:

(print (foreign-value "FD_SETSIZE" int))

Simply ensure that the programs you want to protect run under a maximum
number of open files ulimit that matches this number (or lower).

lease note that this bug also affects people using the
"high-load-scheduler" egg, which provides an alternative scheduler
implementation.

On Windows, there is no buffer overrun danger, but there is a potential
problem of threads never waking up; there is currently no known
workaround for this.

References
----------

https://lists.ubuntu.com/archives/ubuntu-devel/2010-September/031446.html
http://sourceware.org/bugzilla/show_bug.cgi?id=10352
http://pubs.opengroup.org/onlinepubs/007908799/xsh/poll.html
http://netbsd.gw.com/cgi-bin/man-cgi?select++NetBSD-current

Kind regards,
The Chicken team