[11086] in bugtraq
Re: Shared memory DoS's
daemon@ATHENA.MIT.EDU (Howard Kaye)
Tue Jul 20 22:11:31 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3793A73B.1308DBF9@ms.com>
Date: Mon, 19 Jul 1999 18:31:23 -0400
Reply-To: howie@MS.COM
From: Howard Kaye <howie@MS.COM>
X-To: "Dick St.Peters" <stpeters@NETHEAVEN.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Tops-20 had mapped memory segments before VMS was born. It was called
PMAP back then (for Page Map). I don't know if it had the same
vulnerability.
Howie Kaye
"Dick St.Peters" wrote:
>
> Mike Perry writes:
>
> > So as it turns out that it is in fact possible to create a DoS condition by
> > requesting a truckload of shared mem, then triggering pagefaults in the entire
> > shared region.
>
> Mapped memory segments have been susceptible to this since at least
> the early days of VMS, which AFAIK was the first OS to implement
> mapped memory (VMS used the term "mapped section"). I ran into this
> by accident no later than 1982 while doing image processing on a VMS
> system. My processes run at the lowest possible priority (equivalent
> to the highest possible niceness), would effectively shut down the
> system until they completed.
>
> VMS didn't have a lot of tools for analyzing what was happening, but a
> few experiments quickly showed the culprit was page faulting. Image
> processing tends to step through memory sparsely.
>
> Sorry - I no longer have an exploit :)
>
> --
> Dick St.Peters, stpeters@NetHeaven.com
> Gatekeeper, NetHeaven, Saratoga Springs, NY
> Saratoga/Albany/Amsterdam/BoltonLanding/Cobleskill/Greenwich/
> GlensFalls/LakePlacid/NorthCreek/Plattsburgh/...
> Oldest Internet service based in the Adirondack-Albany region
