From owner-freebsd-security  Thu Nov 21  9:52:15 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DE3BE37B401
	for <freebsd-security@freebsd.org>; Thu, 21 Nov 2002 09:52:13 -0800 (PST)
Received: from bas.flux.utah.edu (bas.flux.utah.edu [155.98.60.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 65DD343E42
	for <freebsd-security@freebsd.org>; Thu, 21 Nov 2002 09:52:13 -0800 (PST)
	(envelope-from danderse@flux.utah.edu)
Received: from bas.flux.utah.edu (localhost [127.0.0.1])
	by bas.flux.utah.edu (8.12.5/8.12.5) with ESMTP id gALHq4As080266
	for <freebsd-security@freebsd.org>; Thu, 21 Nov 2002 10:52:04 -0700 (MST)
	(envelope-from danderse@bas.flux.utah.edu)
Received: (from danderse@localhost)
	by bas.flux.utah.edu (8.12.5/8.12.5/Submit) id gALHq44J080265
	for freebsd-security@freebsd.org; Thu, 21 Nov 2002 10:52:04 -0700 (MST)
Date: Thu, 21 Nov 2002 10:52:04 -0700
From: "David G. Andersen" <danderse@cs.utah.edu>
To: freebsd-security@freebsd.org
Subject: File table exhaustion patch
Message-ID: <20021121105204.B75421@cs.utah.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In PR 45353, I've submitted a patch to reserve a handfull of
file table entries for root-only use, to mitigate the effects
of user processes that leak file descriptors:

  http://www.freebsd.org/cgi/query-pr.cgi?pr=45353

Even with per-process file descriptor limits, it's pretty
easy for a buggy program that does any kind of forking to
run the system out of file table entries (or for a malicious
user to do so).  The patch above is trivial, and at least
enables root to login and fix things up a bit.  I've been
running it locally for about a week, and it's happy.

Is the form of the solution acceptable?  (And if so, anyone
interested in committing it to -current for a while? ;-)

  -Dave

-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/
      I do not accept unsolicited commercial email.  Do not spam me.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message