Date: Fri, 24 Sep 1999 07:35:06 -0700 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: freebsd-current@freebsd.org Subject: Re: FreeBSD-specific denial of service Message-ID: <199909241436.HAA63605@cwsys.cwsent.com>
next in thread | raw e-mail | index | archive | help
The following is from BUGTRAQ. There's a fix for -stable, though there
is none for -current. Is -current vulnerable?
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Open Systems Group Internet: Cy.Schubert@uumail.gov.bc.ca
ITSD Cy.Schubert@gems8.gov.bc.ca
Province of BC
"e**(i*pi)+1=0"
------- Forwarded Message
Replied: Fri, 24 Sep 1999 07:32:41 -0700
Replied: Adrian Penisoara <ady@freebsd.ady.ro>
Replied: "Charles M. Hannum" <root@IHACK.NET>
Replied: BUGTRAQ@SECURITYFOCUS.COM
Replied: freebsd-security@FreeBSD.ORG
Return-Path: Cy.Schubert@uumail.gov.bc.ca
Received: (from uucp@localhost)
by passer.osg.gov.bc.ca (8.9.3/8.9.1) id HAA19965
for <cy>; Fri, 24 Sep 1999 07:07:39 -0700 (PDT)
Resent-Message-Id: <199909241407.HAA19965@passer.osg.gov.bc.ca>
Received: from localhost.osg.gov.bc.ca(127.0.0.1), claiming to be
"passer.osg.gov.bc.ca"
via SMTP by localhost.osg.gov.bc.ca, id smtpdL19958; Fri Sep 24
07:06:39 1999
Received: (from uucp@localhost)
by passer.osg.gov.bc.ca (8.9.3/8.9.1) id HAA19950
for <cschuber@passer.osg.gov.bc.ca>; Fri, 24 Sep 1999 07:06:39 -0700
(PDT)
Received: from point.osg.gov.bc.ca(142.32.102.44)
via SMTP by passer.osg.gov.bc.ca, id smtpdW19948; Fri Sep 24 07:06:27
1999
Received: (from daemon@localhost)
by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA04613
for <cschuber@uumail.gov.bc.ca>; Fri, 24 Sep 1999 07:06:27 -0700
Received: from hub.FreeBSD.ORG(204.216.27.18)
via SMTP by point.osg.gov.bc.ca, id smtpda04611; Fri Sep 24 07:06:14
1999
Received: by hub.freebsd.org (Postfix, from userid 538)
id 47FB414D1C; Fri, 24 Sep 1999 07:04:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
by hub.freebsd.org (Postfix) with SMTP
id 309E61CD621; Fri, 24 Sep 1999 07:04:18 -0700 (PDT)
(envelope-from owner-freebsd-security)
Received: by hub.freebsd.org (bulk_mailer v1.12); Fri, 24 Sep 1999
07:04:18 -0700
Delivered-To: freebsd-security@freebsd.org
Received: from ady.warpnet.ro (ady.warpnet.ro [194.102.224.1])
by hub.freebsd.org (Postfix) with ESMTP id C4621150E5
for <freebsd-security@FreeBSD.org>; Fri, 24 Sep 1999 07:04:02 -0700
(PDT)
(envelope-from ady@freebsd.ady.ro)
Received: from localhost (ady@localhost)
by ady.warpnet.ro (8.9.3/8.9.3) with ESMTP id RAA36387;
Fri, 24 Sep 1999 17:02:25 +0300 (EEST)
(envelope-from ady@freebsd.ady.ro)
Date: Fri, 24 Sep 1999 17:02:25 +0300 (EEST)
From: Adrian Penisoara <ady@freebsd.ady.ro>
X-Sender: ady@ady.warpnet.ro
To: "Charles M. Hannum" <root@IHACK.NET>
Cc: BUGTRAQ@SECURITYFOCUS.COM, freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD-specific denial of service
In-Reply-To: <199909211950.PAA09009@bill-the-cat.mit.edu>
Message-ID: <Pine.BSF.4.10.9909241652530.35644-100000@ady.warpnet.ro>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk
Resent-To: cy
Resent-Date: Fri, 24 Sep 1999 07:06:39 -0700
Resent-From: Cy Schubert <cschuber@uumail.gov.bc.ca>
X-UIDL: e11831742cf1648327586c6ab307b72c
Hi,
On Tue, 21 Sep 1999, Charles M. Hannum wrote:
> [Resending once, since it's been 10.5 days...]
>
> Here's an interesting denial-of-service attack against FreeBSD >=3.0
> systems. It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no
> way to purge entries unless the `vnode' (e.g. the file) they point to
> is removed from memory -- which generally doesn't happen unless a
> certain magic number of `vnodes' is in use, and never happens when the
> `vnode' (i.e. file) is open. Thus it's possible to chew up an
> arbitrary amount of wired kernel memory relatively simply.
>
Seems to be fixed in CVS version 1.38.2.3 of vfs_cache.c for RELENG_3
branch (meaning 3.3-STABLE) -- could you please check again ?
Commit log:
Limit aliases to a vnode in the namecache to a sysctl tunable
'vfs.cache.maxaliases'. This protects against a DoS via thousands of
hardlinks to a file wiring down all kernel memory.
Ady (@freebsd.ady.ro)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
------- End of Forwarded Message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909241436.HAA63605>