[11991] in bugtraq
Re: FreeBSD-specific denial of service
daemon@ATHENA.MIT.EDU (Cy Schubert - ITSD Open Systems Gr)
Sun Sep 26 01:55:16 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <199909241433.HAA63586@cwsys.cwsent.com>
Date: Fri, 24 Sep 1999 07:32:40 -0700
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@UUMAIL.GOV.BC.CA>
X-To: Adrian Penisoara <ady@freebsd.ady.ro>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Fri, 24 Sep 1999 17:02:25 +0300."
<Pine.BSF.4.10.9909241652530.35644-100000@ady.warpnet.ro>
In message <Pine.BSF.4.10.9909241652530.35644-100000@ady.warpnet.ro>,
Adrian Pe
nisoara writes:
> Hi,
>
> On Tue, 21 Sep 1999, Charles M. Hannum wrote:
>
> > [Resending once, since it's been 10.5 days...]
> >
> > Here's an interesting denial-of-service attack against FreeBSD >=3.0
> > systems. It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no
> > way to purge entries unless the `vnode' (e.g. the file) they point to
> > is removed from memory -- which generally doesn't happen unless a
> > certain magic number of `vnodes' is in use, and never happens when the
> > `vnode' (i.e. file) is open. Thus it's possible to chew up an
> > arbitrary amount of wired kernel memory relatively simply.
> >
>
> Seems to be fixed in CVS version 1.38.2.3 of vfs_cache.c for RELENG_3
> branch (meaning 3.3-STABLE) -- could you please check again ?
>
> Commit log:
>
> Limit aliases to a vnode in the namecache to a sysctl tunable
> 'vfs.cache.maxaliases'. This protects against a DoS via thousands of
> hardlinks to a file wiring down all kernel memory.
In other words this has been fixed in 3.3-RELEASE.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Open Systems Group Internet: Cy.Schubert@uumail.gov.bc.ca
ITSD Cy.Schubert@gems8.gov.bc.ca
Province of BC
"e**(i*pi)+1=0"
