Bugtraq: Re: FreeBSD-specific denial of service

[Cy.Schubert () UUMAIL GOV BC CA (Cy Schubert - ITSD Open Systems Group)]

In message <Pine.BSF.4.10.9909241652530.35644-100000 () ady warpnet ro>,
Adrian Pe
nisoara writes:
> Hi,
>
> On Tue, 21 Sep 1999, Charles M. Hannum wrote:
>
> > [Resending once, since it's been 10.5 days...]
> >
> > Here's an interesting denial-of-service attack against FreeBSD >=3.0
> > systems.  It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no
> > way to purge entries unless the `vnode' (e.g. the file) they point to
> > is removed from memory -- which generally doesn't happen unless a
> > certain magic number of `vnodes' is in use, and never happens when the
> > `vnode' (i.e. file) is open.  Thus it's possible to chew up an
> > arbitrary amount of wired kernel memory relatively simply.
>  Seems to be fixed in CVS version 1.38.2.3 of vfs_cache.c for RELENG_3
> branch (meaning 3.3-STABLE) -- could you please check again ?
>
>  Commit log:
>
>    Limit aliases to a vnode in the namecache to a sysctl tunable
>    'vfs.cache.maxaliases'. This protects against a DoS via thousands of
>    hardlinks to a file wiring down all kernel memory.
In other words this has been fixed in 3.3-RELEASE.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Open Systems Group          Internet:  Cy.Schubert () uumail gov bc ca
ITSD                                   Cy.Schubert () gems8 gov bc ca
Province of BC
                      "e**(i*pi)+1=0"