Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 9 May 2005 21:33:23 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Billy Newsom <smartweb@leadhill.net>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: nfs bug & df: Can I lock up my kernel and overflow this buffer?
Message-ID:  <20050510043323.GA50881@xor.obsecurity.org>
In-Reply-To: <4280353B.8050306@leadhill.net>
References:  <4280353B.8050306@leadhill.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

--qDbXVdCdHGoSgWSk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, May 09, 2005 at 11:14:51PM -0500, Billy Newsom wrote:
> Here's something pretty stupid about either the code in mount, df, or=20
> both.  I'm on the verge of a denial of service if this lasts much=20
> longer.

Why do you think so?

> When I mount an nfs device more than once, I get this=20
> ridiculous output from df and mount:
>=20
> #df
> Filesystem  1K-blocks    Used   Avail Capacity  Mounted on
> /dev/ad0s1a    253678  137554   95830    59%    /
> devfs               1       1       0   100%    /dev
> /dev/ad0s1e    253678      18  233366     0%    /tmp
> /dev/ad0s1f   7782878 3273986 3886262    46%    /usr
> /dev/ad0s1d    253678  125386  107998    54%    /var
> devfs               1       1       0   100%    /var/named/dev
> dell:/nfs     8883912 4104516 4779396    46%    /dellbak
> dell:/nfs     8883912 4104516 4779396    46%    /dellbak
> dell:/nfs     8883912 4104516 4779396    46%    /dellbak
> dell:/nfs     8883912 4104516 4779396    46%    /dellbak
> dell:/nfs     8883912 4104516 4779396    46%    /dellbak
> dell:/nfs     8883912 4104516 4779396    46%    /dellbak

Why's it ridiculous?  You mounted it more than once, so it appears
more than once in the list of mounted filesystems.

> * Look at the fsid for /dellbak below, using verbose output.  Pretty odd.

Why is it odd?  The fsid is by definition different for different
mounts.

Kris
--qDbXVdCdHGoSgWSk
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFCgDmSWry0BWjoQKURApYuAKDDM0wbSLbzw3SzItRw2FY0kzgiTgCffRTT
/g/DeD5rujkEngALbwdLwQU=
=QZNi
-----END PGP SIGNATURE-----

--qDbXVdCdHGoSgWSk--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050510043323.GA50881>