From owner-freebsd-stable@FreeBSD.ORG  Sat Jun 21 03:14:35 2003
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 091CC37B401
	for <freebsd-stable@FreeBSD.ORG>;
	Sat, 21 Jun 2003 03:14:35 -0700 (PDT)
Received: from HAL9000.homeunix.com (ip114.bella-vista.sfo.interquest.net
	[66.199.86.114])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6163143F75
	for <freebsd-stable@FreeBSD.ORG>;
	Sat, 21 Jun 2003 03:14:34 -0700 (PDT)	(envelope-from das@FreeBSD.ORG)
Received: from HAL9000.homeunix.com (localhost [127.0.0.1])
	by HAL9000.homeunix.com (8.12.9/8.12.9) with ESMTP id h5LAE3Ja049591;
	Sat, 21 Jun 2003 03:14:04 -0700 (PDT)
	(envelope-from das@FreeBSD.ORG)
Received: (from das@localhost)
	by HAL9000.homeunix.com (8.12.9/8.12.9/Submit) id h5L9hBFu022730;
	Sat, 21 Jun 2003 02:43:11 -0700 (PDT)
	(envelope-from das@FreeBSD.ORG)
Date: Sat, 21 Jun 2003 02:43:11 -0700
From: David Schultz <das@FreeBSD.ORG>
To: Kris Kennaway <kris@obsecurity.org>
Message-ID: <20030621094311.GB2401@HAL9000.homeunix.com>
Mail-Followup-To: Kris Kennaway <kris@obsecurity.org>,
	William Fletcher <ultraviolet@epweb.co.za>,
	freebsd-stable@freebsd.org
References: <20030620155516.GC7055@tulip.epweb.co.za>
	<20030620170943.GB53684@rot13.obsecurity.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030620170943.GB53684@rot13.obsecurity.org>
cc: freebsd-stable@FreeBSD.ORG
cc: William Fletcher <ultraviolet@epweb.co.za>
Subject: Re: Zsh fork bomb paniced my kernel.
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Jun 2003 10:14:35 -0000

On Fri, Jun 20, 2003, Kris Kennaway wrote:
> On Fri, Jun 20, 2003 at 05:55:16PM +0200, William Fletcher wrote:
> > Hi,
> > 
> > My machine just bombed when I did the following stupid command.
> > :(){:|:};:
> > Zsh chewed up everything on the machine...
> > I ran it knowing I'd probably have to reboot.
> > 
> > But, I hardly expected it to panic.
> > 
> > Or, was that normal?
> 
> Yes, this is a FAQ, and why resource limits exist.  man login.conf

I don't think we have resource limits for this particular DOS.
The backtrace seems to indicate that he's filling the kernel map
with pipe buffers, and the system always panics when the kernel
map fills up.  I would expect that we could solve the problem by
using a separate map for pipe buffers, but that probably entails
other issues I'm unaware of.  Perhaps a PR should be filed.