Bugtraq mailing list archives

Re: FreeBSD-specific denial of service
From: bfischer () TECHFAK UNI-BIELEFELD DE (Bjoern Fischer)
Date: Fri, 24 Sep 1999 10:06:44 +0200


On Tue, Sep 21, 1999 at 03:50:58PM -0400, Charles M. Hannum wrote:
> Here's an interesting denial-of-service attack against FreeBSD >=3.0
> systems.  It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no
> way to purge entries unless the `vnode' (e.g. the file) they point to
> is removed from memory -- which generally doesn't happen unless a
> certain magic number of `vnodes' is in use, and never happens when the
> `vnode' (i.e. file) is open.  Thus it's possible to chew up an
> arbitrary amount of wired kernel memory relatively simply.

This has been addressed and was fixed in src/sys/kern/vfs_cache.c
revision 1.38.2.3 before releasing the latest stable FreeBSD-3.3:

A tunable sysctl knob `vfs.cache.maxaliases' which defaults to 4
limits the number of cache aliases to a vnode.

  Björn Fischer

-- 
(sig_t*)NULL
