scrollkeeper DoSing www.oasis-open.org during install
Justin Mason
jm at jmason.org
Wed Nov 12 19:40:19 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi folks --
I recently upgraded from RH9 to FC1 using yum, and noticed some
odd behaviour during the upgrade.
Every time a Gnome2 rpm was installed, scrollkeeper-update would
run. This would run some rebuild of Docbook documentation, which
seemingly did not have all the required files present; this
caused it to load files (via HTTP) from www.oasis-open.org. I caught
it accessing this URL in particular:
http://www.oasis-open.org/docbook/xml/4.1.2/dbpoolx.mod
Unfortunately, the website often does not respond, or would respond with
a partial copy of the file, producing SGML parser errors.
A quick websearch finds several other people in the same situation.
I'm inclined to surmise that the number of Gnome2 installs being
performed over the last couple of weeks has DDoS'd www.oasis-open.org,
resulting in these hung requests and partial files.
I worked around it by doing:
mv /usr/bin/scrollkeeper-update{,.SLOW}
ln -s /bin/true /usr/bin/scrollkeeper-update
killall scrollkeeper-update
So FYI -- if you're upgrading while online, and see Gnome2-related
packages taking an extremely long time to install, that may
help.
Suggested fix for Fedora: don't run scrollkeeper-update from every Gnome2
package's postinstall stanza; fix scrollkeeper to not make
remote HTTP requests introducing a remote single point of failure.
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Exmh CVS
iD8DBQE/soyjQTcbUG5Y7woRAitYAJsEaNxzuHCX/NHXqw10HodJYxngaQCgnEyH
Gu7ldWGrVGyxYce057CmzBI=
=Ze5p
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list