Bugtraq mailing list archives

Re: Local DoS in FreeBSD

From: jared () PUCK NETHER NET (Jared Mauch)
Date: Thu, 2 Sep 1999 15:51:24 -0400


On Wed, Sep 01, 1999 at 11:30:26AM +1000, Darren Reed wrote:

In some mail from L. Sassaman, sie said:

This was first posted to the FreeBSD security list on the 9th of August,
subsequently discussed on freebsd-stable and freebsd-hackers... no one
seems to care, even though it is able to lock up 2.2.6, 2.2.8, and 3.2.x
machines consistantly. I have also been told that it affects NetBSD and
OpenBSD, though I haven't confirmed it.

Someone with the know-how care to fix?


Fixing this has been discussed internally, I imagine, by many of the
affected OS's.  The problem is a resource stavation issue - in this
case mbuf's.  Arguably, it shouldn't "lock up", just freeze up anything
that does networking.

I imagine you could lock up more than just the *BSD's with this program.


        I have a network monitoring program that I wrote (sysmon),
and it has what would be called either a bug or feature.

        FreeBSD seems to have fixed it, but NetBSD not quite yet,
I open up about 100 some sockets and send pings out, and increase
my receive buffer large enough that these 100 icmp replies can be held
properly to be counted, so I don't decide that a site is down
when it is not.

        In older FreeBSD versions, I would lock the system saying
out of mbufs, increase maxusers.  No matter how large I
increased maxusers that did not work.  There is a similar problem
with NetBSD currently (that I am aware of), but the program runs as root
to take advantage of this.  I personally think that it's a bug for
the OS to allow (even the superuser) to allocate too many resources
to the point of hard locking the machine (as that's what would happen
in FreeBSD, and is reported to happen in NetBSD by a reputable person).

        I haven't released a fix for my code yet, to not allocate
so many resources (which is what I should do anyways), but it's not
like i'm doing dd if=/dev/zero of=/dev/kmem.  There should be limits
on any userland process that allow them to return an error if you
attempt to allocate all the system resources.

        - jared

--
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
END OF LINE  |

Current thread:

Re: Local DoS in FreeBSD Darren Reed (Aug 31)
- DoS bug in MessageASAP software Forrest Aldrich (Aug 30)
- Re: Local DoS in FreeBSD L. Sassaman (Sep 01)
- Re: Local DoS in FreeBSD Jared Mauch (Sep 02)
- Re: Local DoS in FreeBSD Jeff Wheat (Sep 02)
  - Re: Local DoS in FreeBSD FreeBSD -- The Power to Serve (Sep 07)
- <Possible follow-ups>
- Re: Local DoS in FreeBSD MMS26 (Aug 31)
- Re: Local DoS in FreeBSD Jason Ackley (Aug 31)