From owner-freebsd-security@FreeBSD.ORG Mon Feb 18 18:37:20 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 846C116A468 for ; Mon, 18 Feb 2008 18:37:20 +0000 (UTC) (envelope-from wxs@atarininja.org) Received: from syn.atarininja.org (syn.csh.rit.edu [129.21.60.158]) by mx1.freebsd.org (Postfix) with ESMTP id 19CD713C45E for ; Mon, 18 Feb 2008 18:37:20 +0000 (UTC) (envelope-from wxs@atarininja.org) Received: by syn.atarininja.org (Postfix, from userid 1001) id 0A71A5C5C; Mon, 18 Feb 2008 13:39:46 -0500 (EST) Date: Mon, 18 Feb 2008 13:39:46 -0500 From: Wesley Shields To: Volker Message-ID: <20080218183946.GH14660@atarininja.org> References: <200802181414.m1IEE8bd075081@drugs.dv.isc.org> <20080218150748.GD90004@atarininja.org> <268BFF3D-3853-40D5-9D69-6FC876E07ABB@gmail.com> <20080218180441.GE14660@atarininja.org> <47B9CCC3.9060203@vwsoft.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <47B9CCC3.9060203@vwsoft.com> User-Agent: Mutt/1.5.17 (2007-11-01) Cc: Peter Sanchez , freebsd-security@freebsd.org Subject: Re: How to take down a system to the point of requiring a newfs with one line of C (userland) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Feb 2008 18:37:20 -0000 On Mon, Feb 18, 2008 at 07:21:55PM +0100, Volker wrote: > On 02/18/08 19:04, Wesley Shields wrote: > > On Mon, Feb 18, 2008 at 09:25:29AM -0800, Peter Sanchez wrote: > >> On Feb 18, 2008, at 7:07 AM, Wesley Shields wrote: > >>> I tried this using /tmp/ as argv[1] and it didn't crash a 6.2 machine or > >>> a -current from a few weeks ago. Maybe the number of files has to be > >>> increased? I bumped it up to 100000 and tried on a 6.2 machine, but I > >>> ran out of inodes before I could induce a crash. :) > >>> > >>> Maybe I'm doing something wrong? > >> I believe the panic doesn't occur until boot. Did you reboot the box after > >> writing the files to /tmp? > >> > >> Peter > > > > I did on a 6.2 machine with 10000 files in /tmp. I can reboot the > > -current machine later tonight if you think it will make a difference. > > According to the problem report, it should panic while mounting the fs. > umount and re-mount /tmp and see, if you can make it panic (a reboot > shouldn't be necessary here). I did exactly that and it did not panic on both a 6.2 and -current machine. Just to be sure, I did reboot a 6.2 machine with 10000 0-byte files in /tmp and it didn't panic. -- WXS