Re: Solaris 2.5.1/2.6 fingerd bug

[casper () HOLLAND SUN COM (Casper Dik)]

> > Fiji (jfay) wrote:
> > > try finger @host@host@host....145 times.... This should run the # of
> > > processes in excess of 1500 and shoot the system load up to at least 13.5.
> > >
> > > You can also do a finger @hosta@hostb where hostb is a machine running
> > > 2.5.1 or 2.6. Now this has not been confirmed on Solaris (x86). The bug id
> > > is 4161606 but yet there is no patch available as of today.
> >
> > Yep, same thing happens for x86 running 2.6.
> >
> > ~james
>
> For what it's worth, the two 2.5.1 machines I currently run don't have
> this problem.  Both were installed using 2.5.1 HW:4/97 media and then
> subsequently brought up to Generic_103640-21 via the current (ie. a few
> weeks ago) 2.5.1_Recommended kit.  The machines are a sparc 2 and 10.


There's actually a quite simple workaround (BTW, one finger can't
create 1500 processes; there's a buffer of 512 characters and you
get at most 512 /(1+lenghtofhostname)*2 processes.)

The quick fix is to set the number of processes per user to a acceptable
value by editing /etc/system:


        set maxuprc = 50


This will limit the number of processes per user (not including root, but
including nobody) to a small value.  For certain setups, you can pick
a larger system.

If you dont' want to reboot, it's bit harder, but try:

        adb -wk
        v+0x1c/W<num>


Casper