:Venkatesh Srinivas <[email protected]> added the comment:
:
:Commit 2994659f1e6c1ef260241491bceca91c9d2553b3 is a partial fix to the
problem;
:it does not handle overflows in the spinlock loop path in fdcopy and it is
still
:possible to make the system unusable with the sample program posted below.
:
:Perhaps we should also raise the malloc zone limit to maxproc *
MAX_FDS_PER_PROC?
No, won't work, the maximum will baloon well past any reasonable limit
when you try to do that.
We have a kern.maxfilesperuser that's supposed to handle that sort of
attack, is it not working? It might not be applicable to root though.
-Matt
Matthew Dillon
<[email protected]>
