Bugtraq: Re: FreeBSD-specific denial of service

[alan () LXORGUK UKUU ORG UK (Alan Cox)]

> This exploit does not affect Linux 2.0.36, or any version of NetBSD.
> I have not tested Linux versions >=2.1 (which have a different
> implementation of the equivalent code from 2.0.36), but based on code
> inspection, I do not believe it to be vulnerable to this particular
> attack.
Linux actually goes the other way. You can reduce performance as a user by
deliberately causing inodes (effectively vnode here) or dentries to be
flushed. I don't think you can do it harmfully.

> to this problem, if the FreeBSD system is acting as a NFS client, it's
> possible to use a variant of the attack that only creates one file and
> keeps at most one link to it at any given time.
This makes me realise another very funny one. I imagine this works on
BSD too but it occured to me as I wrote the email.

If you open socket pairs to yourself you can keep  thousands of file handles
queued up regardless of your file limit. In fact you can even implement
fd paging libraries by using the socket as a delay line..

Alan