From owner-freebsd-security Fri Jun 2 9: 8:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 8485637B76F for ; Fri, 2 Jun 2000 09:08:29 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id JAA47864; Fri, 2 Jun 2000 09:08:22 -0700 (PDT) (envelope-from dillon) Date: Fri, 2 Jun 2000 09:08:22 -0700 (PDT) From: Matthew Dillon Message-Id: <200006021608.JAA47864@apollo.backplane.com> To: Mike Tancsa Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) References: <3.0.5.32.20000602093923.0309ed60@marble.sentex.ca> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org :>This seems to be doing the rounds with the script kiddies fairly quickly. :>I've attached it. :>(originally found at: http://ls.si.ru/tmp/FreeBSDDEATH.c.txt - dumped :>by some skr1pt k1dd1es on irc) If you go back one day Oleg posted the same snippit. It is possible to lockup a machine with this code, but the program isn't going to be very effective on any machine with public shell accounts if that machine has quotas enabled. I put quotas on every partition users had access to at BEST, including /tmp (100MB quota). In fact, /tmp turned out to be the single most important partition to put a quota on due to the sheer number of programs that just assumed it would never fill up (and the sheer number of bozo users who would use /tmp to unpack warez and never delete any of it). I should be able to get a fix in this weekend. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message