From owner-freebsd-security  Sat Jul 17  4:55:48 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3])
	by hub.freebsd.org (Postfix) with ESMTP id 2C85C14CAA
	for <freebsd-security@FreeBSD.ORG>; Sat, 17 Jul 1999 04:55:40 -0700 (PDT)
	(envelope-from paulo@nlink.com.br)
Received: from localhost (paulo@localhost)
	by mirage.nlink.com.br (8.9.3/8.9.1) with SMTP id IAA00116;
	Sat, 17 Jul 1999 08:55:28 -0300 (EST)
Date: Sat, 17 Jul 1999 08:55:28 -0300 (EST)
From: Paulo Fragoso <paulo@nlink.com.br>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD exploit?
In-Reply-To: <199907152253.PAA13514@apollo.backplane.com>
Message-ID: <Pine.BSF.3.96.990717084540.29894B-100000@mirage.nlink.com.br>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 15 Jul 1999, Matthew Dillon wrote:

> :Hi,
> :
> :Has anyone ever read this article:
> :
> :http://www.securityfocus.com/level2/bottom.html?go=vulnerabilities&id=526
> :
> :all version of freebsd has this problem!!!
> :
> :Paulo.
> 
>     Yes, but it isn't an exploit, it's a denial of service attack
>     ( and there is a difference ).

Excuse my mistakes :-)

> 
>     Yes, it appears to be a real bug.  I can set my datasize limit
>     to 16m and then mmap() a 64m file MAP_PRIVATE and touch all the
>     pages without getting a fault.
> 
>     We could conceivably fix it by adding a new resource limit to
>     the system for privately mmap'd space.  But I think, ultimately,
>     the only way to fix it would be to add a per-user VM quota
>     resource that accounts for it properly.

I thought it was more dangerous, because the article is classified
"remote", and someone can remotely use to afsect another system.

Thanks,
Paulo.

> 
> 					-Matt
> 					Matthew Dillon 
> 					<dillon@backplane.com>
> 

------
"  ... Overall we've found FreeBSD to excel in performace, stability,
technical support, and of course price. Two years after discovering
FreeBSD, we have yet to find a reason why we switch to anything else"
						-David Filo, Yahoo!



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message