From owner-freebsd-security Fri Jun 11 12:15:51 1999 Delivered-To: freebsd-security@freebsd.org Received: from blackie.cruzers.com (cruzers.com [205.215.232.2]) by hub.freebsd.org (Postfix) with ESMTP id 4ED5914FE4 for ; Fri, 11 Jun 1999 12:15:43 -0700 (PDT) (envelope-from dkulp@board66.cruzers.com) Received: from board66.cruzers.com (board66.cruzers.com [205.215.233.66]) by blackie.cruzers.com (8.8.7/8.8.5) with ESMTP id MAA11231 for ; Fri, 11 Jun 1999 12:30:31 -0700 (PDT) Received: (from dkulp@localhost) by board66.cruzers.com (8.8.8/8.7.3) id MAA02601; Fri, 11 Jun 1999 12:15:40 -0700 (PDT) Date: Fri, 11 Jun 1999 12:15:40 -0700 (PDT) Message-Id: <199906111915.MAA02601@board66.cruzers.com> From: David Kulp MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: freebsd-security@freebsd.org Subject: maxuser, table full, and Saint's tcpscan X-Mailer: VM 6.22 under 19.15 XEmacs Lucid Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I was trying to do some diagnostics using Saint and when the tcp_scan program kicked in I would get 100's of lines of Jun 11 10:13:30 board66 /kernel: file: table is full Jun 11 10:13:30 board66 syslogd: /var/run/utmp: Too many open files in system So I recompiled my 2.2.8 kernel with: maxusers 100 options CHILD_MAX=128 options OPEN_MAX=128 and rebooted. Now when I run saint, tcp_scan just core dumps. So I poked around in the source and found that there is a buffer overflow on a select. (it's not checking FD_SETSIZE.) I found that I could successfully run tcp_scan using the -l option to limit the number of open sockets (i.e. add "-l $fw_loadlimit" to line 46 in tcpscan.saint). Anyone familiar with these issues? If not, well, let this be a data point for anyone else who has the same problem. I'll send an email to the developers, too. cheers, -david. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message