In message <[EMAIL PROTECTED]>,
Adrian Pe
nisoara writes:
> Hi,
>
> On Tue, 21 Sep 1999, Charles M. Hannum wrote:
>
> > [Resending once, since it's been 10.5 days...]
> >
> > Here's an interesting denial-of-service attack against FreeBSD >=3.0
> > systems. It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no
> > way to purge entries unless the `vnode' (e.g. the file) they point to
> > is removed from memory -- which generally doesn't happen unless a
> > certain magic number of `vnodes' is in use, and never happens when the
> > `vnode' (i.e. file) is open. Thus it's possible to chew up an
> > arbitrary amount of wired kernel memory relatively simply.
> >
>
> Seems to be fixed in CVS version 1.38.2.3 of vfs_cache.c for RELENG_3
> branch (meaning 3.3-STABLE) -- could you please check again ?
>
> Commit log:
>
> Limit aliases to a vnode in the namecache to a sysctl tunable
> 'vfs.cache.maxaliases'. This protects against a DoS via thousands of
> hardlinks to a file wiring down all kernel memory.
In other words this has been fixed in 3.3-RELEASE.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Open Systems Group Internet: [EMAIL PROTECTED]
ITSD [EMAIL PROTECTED]
Province of BC
"e**(i*pi)+1=0"
Re: FreeBSD-specific denial of service
Cy Schubert - ITSD Open Systems Group Sat, 25 Sep 1999 21:59:34 -0700
- FreeBSD-specific denial of service Charles M. Hannum
- Re: FreeBSD-specific denial of ... Alan Cox
- Re: FreeBSD-specific denial of ... Bjoern Fischer
- Cy Schubert - ITSD Open Systems Group
