Bugtraq mailing list archives
Re: FreeBSD-specific denial of service
From: Cy.Schubert () UUMAIL GOV BC CA (Cy Schubert - ITSD Open Systems Group)
Date: Fri, 24 Sep 1999 07:32:40 -0700
In message <Pine.BSF.4.10.9909241652530.35644-100000 () ady warpnet ro>, Adrian Pe nisoara writes:
Hi, On Tue, 21 Sep 1999, Charles M. Hannum wrote:[Resending once, since it's been 10.5 days...] Here's an interesting denial-of-service attack against FreeBSD >=3.0 systems. It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no way to purge entries unless the `vnode' (e.g. the file) they point to is removed from memory -- which generally doesn't happen unless a certain magic number of `vnodes' is in use, and never happens when the `vnode' (i.e. file) is open. Thus it's possible to chew up an arbitrary amount of wired kernel memory relatively simply.Seems to be fixed in CVS version 1.38.2.3 of vfs_cache.c for RELENG_3 branch (meaning 3.3-STABLE) -- could you please check again ? Commit log: Limit aliases to a vnode in the namecache to a sysctl tunable 'vfs.cache.maxaliases'. This protects against a DoS via thousands of hardlinks to a file wiring down all kernel memory.
In other words this has been fixed in 3.3-RELEASE. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Open Systems Group Internet: Cy.Schubert () uumail gov bc ca ITSD Cy.Schubert () gems8 gov bc ca Province of BC "e**(i*pi)+1=0"
Current thread:
- Re: FreeBSD-specific denial of service Cy Schubert - ITSD Open Systems Group (Sep 24)