Bugtraq mailing list archives
Re: Shared memory DoS's
From: multics () WIZVAX WIZVAX NET (Richard Shetron)
Date: Tue, 20 Jul 1999 23:00:35 -0400
Multics was designed with the entire system running in VM in the early 60's (the first boot was around 1969). You never opened a file, you asked the OS to give you the VM address of the start of the 'segment' and the length of the segment. Everything was done in VM. Each 'user' had their own tmp space and quota so if you ran out of your personal tmp, you get stopped.

Typical process for an editor to read a file:

get segment name from user
call OS to get address of first bit of segment.
allocate working segment.
substr(working segment,,length) = substr(segment to edit,,length);
edit file

Tops-20 had mapped memory segments before VMS was born. It was called PMAP back then (for Page Map). I don't know if it had the same vulnerability.

Howie Kaye

"Dick St.Peters" wrote:

Mike Perry writes:

So as it turns out that it is in fact possible to create a DoS condition by requesting a truckload of shared mem, then triggering pagefaults in the entire shared region.

Mapped memory segments have been susceptible to this since at least the early days of VMS, which AFAIK was the first OS to implement mapped memory (VMS used the term "mapped section").

I ran into this by accident no later than 1982 while doing image processing on a VMS system. My processes, run at the lowest possible priority (equivalent to the highest possible niceness), would effectively shut down the system until they completed. VMS didn't have a lot of tools for analyzing what was happening, but a few experiments quickly showed the culprit was page faulting. Image processing tends to step through memory sparsely.

Sorry - I no longer have an exploit :)

--
Dick St.Peters, stpeters () NetHeaven com
Gatekeeper, NetHeaven, Saratoga Springs, NY
Saratoga/Albany/Amsterdam/BoltonLanding/Cobleskill/Greenwich/
GlensFalls/LakePlacid/NorthCreek/Plattsburgh/...
Oldest Internet service based in the Adirondack-Albany region

--
Richard Shetron multics () wizvax net multics () acm rpi edu
What is the Meaning of Life? There is no meaning, It's just a consequence of complex carbon based chemistry; don't worry about it
The Super 76, "Free Aspirin and Tender Sympathy", Las Vegas Strip.