[11988] in bugtraq
Re: FreeBSD-specific denial of service
daemon@ATHENA.MIT.EDU (Bjoern Fischer)
Sun Sep 26 01:30:23 1999
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="8w3uRX/HFJGApMzv"; micalg=pgp-md5;
protocol="application/pgp-signature"
Message-Id: <19990924100644.B5804@acrasia.TechFak.Uni-Bielefeld.DE>
Date: Fri, 24 Sep 1999 10:06:44 +0200
Reply-To: Bjoern Fischer <bfischer@TECHFAK.UNI-BIELEFELD.DE>
From: Bjoern Fischer <bfischer@TECHFAK.UNI-BIELEFELD.DE>
X-To: "Charles M. Hannum" <root@IHACK.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <199909211950.PAA09009@bill-the-cat.mit.edu>; from Charles M.
Hannum on Tue, Sep 21, 1999 at 03:50:58PM -0400
--8w3uRX/HFJGApMzv
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
On Tue, Sep 21, 1999 at 03:50:58PM -0400, Charles M. Hannum wrote:
> Here's an interesting denial-of-service attack against FreeBSD >=3D3.0
> systems. It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no
> way to purge entries unless the `vnode' (e.g. the file) they point to
> is removed from memory -- which generally doesn't happen unless a
> certain magic number of `vnodes' is in use, and never happens when the
> `vnode' (i.e. file) is open. Thus it's possible to chew up an
> arbitrary amount of wired kernel memory relatively simply.
This has been addressed and was fixed in src/sys/kern/vfs_cache.c
revision 1.38.2.3 before releasing the latest stable FreeBSD-3.3:
A tunable sysctl knob `vfs.cache.maxaliases' which defaults to 4
limits the number of cache aliases to a vnode.
Bj=F6rn Fischer
--=20
(sig_t*)NULL
--8w3uRX/HFJGApMzv
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
iQEVAgUBN+sxDKB/vQdH51t1AQH9UAf/cQ0X/DhxFJA9QNOD3JNTk0zzyc9CBh2r
AJsMj8gvbbqKtj11sy5fWrYWHx127MTHIBf0ZgXVeN0VwqKkl+x3iN47DnxfW0FK
R9bfl2o/n+pfcksF6MJM93mlYVH43QXiVyFJ2TUEjCDLDJpU2JIAEPPEhYHmqX+e
w7yIyPDiDZShS5YJlyxnDiGW2nTAjHE6ioLguYyt0sApBUOa2FEHeGo6FtDLmNjp
VuAZCyG6oBJW0byS011x9z5UtMagIW6GWaLbBFMIxIWLBDzQymWjJSQ6LZwogSVg
xI7CajU8opsVhX34KTn9G0EEG+oAAIEk0RqnWx00xgOy87x6w4LLMQ==
=xXey
-----END PGP SIGNATURE-----
--8w3uRX/HFJGApMzv--
