From owner-freebsd-bugs Sun Mar 9 15:40:09 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA20682 for bugs-outgoing; Sun, 9 Mar 1997 15:40:09 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA20676; Sun, 9 Mar 1997 15:40:05 -0800 (PST)
Resent-Date: Sun, 9 Mar 1997 15:40:05 -0800 (PST)
Resent-Message-Id: <199703092340.PAA20676@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org,
Received: (from nobody@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA20325; Sun, 9 Mar 1997 15:33:48 -0800 (PST)
Message-Id: <199703092333.PAA20325@freefall.freebsd.org>
Date: Sun, 9 Mar 1997 15:33:48 -0800 (PST)
From: chern@tiger.towson.edu
To: freebsd-gnats-submit@freebsd.org
X-Send-Pr-Version: www-1.0
Subject: bin/2925: non-priviledged user can crash FreeBSD!!
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 2925
>Category: bin
>Synopsis: non-priviledged user can crash FreeBSD!!
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Mar 9 15:40:03 PST 1997
>Last-Modified:
>Originator: Eric Fang
>Organization: just a student
>Release: FreeBSD-2.1.5
>Environment:
FreeBSD vorlon.patriot.net 2.1.5-RELEASE FreeBSD 2.1.5-RELEASE #0: Wed Jul 17 03:09:31 1996 jkh@whisker.cdrom.com:/usr/src/sys/compile/GENERIC i386
(The CPU is a Cyrix 6x86 PR150+, 64M EDO RAM, 128M Swap partition)
>Description:
I simulated a situation as a novice C++ programmer/student writing code
using pointers. I was curious and changed the code to be an infinite loop
so that it would keep creating pointers/data structures. I ran this program
as a normal user, and then switched virtual console (Alt-F?) to a root login
with 'top' running. The first time it exited okay, saying not enough swap space.
Then I ran more than 3 instances of the same program in a row, in the
background with '&'. The system simply crashed and stopped. I waited for
more than 15 minutes to see if it would recover, but it didn't. I will be
upgrading to 2.1.7 to see if it occurs there also.
>How-To-Repeat:
Compile this C++ code and run many instances of this program at the same
time (lost the original, this is the closest possible):

#include <iostream>
using namespace std;

// Singly linked list node; the class header was missing from the posted code.
class IntList {
public:
    int Number;
    IntList *Next;
};

int main()
{
    int Number = 10000;
    IntList *ListPtr;
    IntList *LastPtr = 0;
    IntList *First = 0;

    // Infinite loop: appends nodes forever and never frees them.
    while (1) {
        ListPtr = new IntList;
        ListPtr->Number = Number;
        ListPtr->Next = 0;
        if (LastPtr)
            LastPtr->Next = ListPtr;
        else
            First = ListPtr;
        LastPtr = ListPtr;
    }

    // Never reached because of the loop above; kept from the original program.
    if (First) {
        ListPtr = First;
        do {
            cout << ListPtr->Number << " ";
            ListPtr = ListPtr->Next;
        } while (ListPtr);
        cout << "\n";
    }
    cout << "Bye bye!\n";
}

>Fix:
>Audit-Trail:
>Unformatted:
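
The failure mode in this report is unbounded allocation by an unprivileged process. The following is an added example, not part of the original report and not a fix from the FreeBSD project: it runs the same list-building loop in a child whose address space is capped with setrlimit(), so the allocator refuses inside that process instead of swap being drained. It assumes a POSIX system that provides RLIMIT_AS; the names capped_run and build_until_refused and the 128 MiB cap are constructed for illustration.

```cpp
// Added example, not code from the original report.
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cstdio>
#include <new>

struct IntList { int Number; IntList *Next; };

// The report's allocation loop, except that it stops when the allocator
// refuses (or at max_nodes, a demo-only safety stop). Returns nodes built.
static unsigned long build_until_refused(unsigned long max_nodes) {
    IntList *last = nullptr;
    unsigned long n = 0;
    while (n < max_nodes) {
        IntList *p = new (std::nothrow) IntList;
        if (!p) break;                 // limit hit: fails here, not system-wide
        p->Number = 10000; p->Next = nullptr;
        if (last) last->Next = p;
        last = p; ++n;
    }
    return n;
}

// Run the loop in a child whose address space is capped at cap_bytes.
// Returns the bytes of list nodes the child built, or -1 on error.
long long capped_run(rlim_t cap_bytes) {
    int fd[2];
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {
        struct rlimit rl = { cap_bytes, cap_bytes };   // soft and hard limit
        if (setrlimit(RLIMIT_AS, &rl) != 0) _exit(2);
        unsigned long n = build_until_refused(cap_bytes / sizeof(IntList));
        _exit(write(fd[1], &n, sizeof n) == (ssize_t)sizeof n ? 0 : 3);
    }
    close(fd[1]);
    unsigned long n = 0;
    ssize_t got = read(fd[0], &n, sizeof n);
    close(fd[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (got != (ssize_t)sizeof n || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) != 0) return -1;
    return (long long)n * (long long)sizeof(IntList);
}

int main() {
    long long built = capped_run((rlim_t)128 << 20);  // 128 MiB, constructed
    std::printf("child stopped after %lld bytes of nodes\n", built);
    return built >= 0 ? 0 : 1;
}
```

Because the child sets the hard limit as well as the soft one, it cannot raise the cap again without privilege.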