Date: Mon, 16 Feb 2004 16:53:15 +0100
From: Pawel Jakub Dawidek
To: Maxim Konovalov
Cc: scottl@FreeBSD.org, rwatson@FreeBSD.org, current@FreeBSD.org
Subject: Re: Jails that keep hanging around

On Mon, Feb 16, 2004 at 06:12:18PM +0300, Maxim Konovalov wrote:
+> > +> What I really do not understand why we do not leak in non-jail
+> > +> environment?
+> >
+> > I'm sure we are, this is just hard to check, because we don't have
+> > list with allocated 'cred' structures.
+> >
+> > But try to do your test without a jail and track 2nd column in:
+> >
+> >   # sysctl kern.malloc | grep cred
+> >
+> > Number of objects grows when I'm killing daemon while connection
+> > exists. I'm wondering if this cannot be used to some DoS attack.
+>
+> Can't reproduce:
+>
+> $ vmstat -m | grep cred
+>   cred 38 5K 5K 22714 128
+>
+> [ several nc & telnet tests I port early in non-jail environment ]
+>
+> $ vmstat -m | grep cred
+>   cred 38 5K 5K 22833 128

Probably, because no new cred structure is allocated when you run 'nc'
without a jail (only this one used by your shell is referenced again).

Try to do:

  # su - -c "/usr/local/bin/nc -p 1234 -l 127.0.0.1"

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
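
An added example, not part of the original message or of FreeBSD's own tooling: a small shell helper that compares the "cred" row of two `vmstat -m` snapshots, as the thread does by eye. It assumes the second column is the in-use object count (the column the thread says to track); the third snapshot is constructed for illustration.

```shell
#!/bin/sh
# Compare the in-use count of the "cred" malloc type between two snapshots
# of `vmstat -m` output. Assumption: column 2 is the in-use object count.

# Read snapshot text on stdin, print column 2 of the "cred" row.
# Exits non-zero if the snapshot has no "cred" row.
cred_inuse() {
    awk '$1 == "cred" { print $2; found = 1; exit }
         END { if (!found) exit 1 }'
}

# cred_delta BEFORE AFTER: print (AFTER - BEFORE) for the in-use count.
cred_delta() {
    before=$(printf '%s\n' "$1" | cred_inuse) || return 2
    after=$(printf '%s\n' "$2" | cred_inuse) || return 2
    echo $((after - before))
}

# leak_verdict BEFORE AFTER: flag growth of in-use cred structures.
leak_verdict() {
    delta=$(cred_delta "$1" "$2") || { echo "no-cred-row"; return 2; }
    if [ "$delta" -gt 0 ]; then
        echo "leak-suspected (+$delta)"
    else
        echo "stable ($delta)"
    fi
}

# Snapshots A and B are the two rows quoted in the thread; C is constructed.
SNAP_A='cred 38 5K 5K 22714 128'
SNAP_B='cred 38 5K 5K 22833 128'
SNAP_C='cred 41 6K 6K 22950 128'

echo "A -> B: $(leak_verdict "$SNAP_A" "$SNAP_B")"   # request count grew, in-use did not
echo "A -> C: $(leak_verdict "$SNAP_A" "$SNAP_C")"   # in-use grew by 3

# Live use on a FreeBSD host:
#   before=$(vmstat -m); <run the test>; after=$(vmstat -m)
#   leak_verdict "$before" "$after"
```

Repeating the test several times and checking that the delta keeps growing separates a real leak from a one-off allocation.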