File Descriptor Exhaustion
Category ID: 769 (Category)
Status: Incomplete
+ Description

Description Summary

The software can be influenced by an attacker to open more files than are supported by the system.

Extended Description

There are at least three distinct scenarios which can commonly lead to file descriptor exhaustion:

  1. Lack of throttling for the number of open file descriptors
  2. Losing all references to a file descriptor before reaching the shutdown stage
  3. Failure to close file descriptors after processing

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Likelihood of Exploit

Low to Medium

+ Potential Mitigations

Phases: Implementation; Architecture and Design

If file I/O is being supported by an application for multiple users, balancing the resource allotment across the group may help to prevent exhaustion as well as differentiate malicious activity from an insufficient resource pool.

Phase: Implementation

Consider using the getrlimit() function, declared in the sys/resource.h header, to determine how many files the process is currently allowed to open.

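(Good Code)
Example Language: C
#include <sys/resource.h>
...
int return_value;
struct rlimit rlp;
...
/* On success (return value 0), rlp.rlim_cur holds the soft limit and
   rlp.rlim_max the hard limit on open file descriptors. */
return_value = getrlimit(RLIMIT_NOFILE, &rlp);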
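
The getrlimit() call above only reports the limit. The following added example, which is not part of the CWE entry, turns that value into a descriptor budget that refuses new opens before the process limit is reached and returns the slot when the descriptor is closed, addressing scenarios 1 and 3 above. The names fd_budget_init, throttled_open, throttled_close and fd_slots_in_use and the reserve and cap parameters are hypothetical, and the code assumes a single-threaded POSIX process.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/resource.h>
#include <unistd.h>

static long fd_budget = 0;  /* descriptors this wrapper may hold at once */
static long fd_in_use = 0;  /* descriptors currently held via the wrapper */

/* Budget = min(cap, soft limit - reserve). The reserve (hypothetical knob)
 * keeps room for stdio, logging and sockets. Returns 0, or -1 on error. */
int fd_budget_init(long reserve, long cap)
{
    struct rlimit rlp;

    if (reserve < 0 || cap < 0 || getrlimit(RLIMIT_NOFILE, &rlp) != 0)
        return -1;
    fd_budget = cap;
    if (rlp.rlim_cur != RLIM_INFINITY &&
        rlp.rlim_cur < (rlim_t)reserve + (rlim_t)cap)
        fd_budget = rlp.rlim_cur > (rlim_t)reserve
                        ? (long)(rlp.rlim_cur - (rlim_t)reserve) : 0;
    fd_in_use = 0;
    return 0;
}

/* Open an existing file (no O_CREAT); fail with EMFILE once the budget is used. */
int throttled_open(const char *path, int flags)
{
    if (fd_in_use >= fd_budget) {
        errno = EMFILE;
        return -1;
    }
    int fd = open(path, flags);
    if (fd >= 0)
        fd_in_use++;
    return fd;
}

/* Close the descriptor and return its slot to the budget. */
int throttled_close(int fd)
{
    int rc = close(fd);
    /* Assumption: a valid fd is released even if close() reports an error. */
    if (rc == 0 || errno != EBADF)
        fd_in_use--;
    return rc;
}

long fd_slots_in_use(void) { return fd_in_use; }
```

A per-user variant of the same counter would support the resource balancing described in the first mitigation.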
+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
| --- | --- | --- | --- | --- |
| ChildOf | Weakness Base | 400 | Uncontrolled Resource Consumption ('Resource Exhaustion') | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 773 | Missing Reference to Active File Descriptor or Handle | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 774 | Allocation of File Descriptors or Handles Without Limits or Throttling | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 775 | Missing Release of File Descriptor or Handle after Effective Lifetime | Development Concepts (primary) 699 |
+ References
+ Maintenance Notes

This entry

+ Content History
Submissions
Submission Date, Submitter, Organization, Source
2009-05-08, Internal CWE Team