[11967] in bugtraq


Re: FreeBSD-specific denial of service

daemon@ATHENA.MIT.EDU (Alan Cox)
Wed Sep 22 15:32:18 1999

Content-Type: text
Message-Id:  <E11Tqv9-00022N-00@the-village.bc.nu>
Date:         Wed, 22 Sep 1999 19:15:10 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To:         root@IHACK.NET
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <199909211950.PAA09009@bill-the-cat.mit.edu> from "Charles M.
              Hannum" at Sep 21, 99 03:50:58 pm

> This exploit does not affect Linux 2.0.36, or any version of NetBSD.
> I have not tested Linux versions >=2.1 (which have a different
> implementation of the equivalent code from 2.0.36), but based on code
> inspection, I do not believe it to be vulnerable to this particular
> attack.

Linux actually goes the other way. You can reduce performance as a user by
deliberately causing inodes (effectively vnode here) or dentries to be
flushed. I don't think you can do it harmfully.

> to this problem, if the FreeBSD system is acting as a NFS client, it's
> possible to use a variant of the attack that only creates one file and
> keeps at most one link to it at any given time.

This makes me realise another very funny one. I imagine this works on
BSD too but it occurred to me as I wrote the email.

If you open socket pairs to yourself you can keep thousands of file handles
queued up regardless of your file limit. In fact you can even implement
fd paging libraries by using the socket as a delay line..

Alan
