From owner-freebsd-security Thu Nov 21 14:29:07 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B2E2B37B401; Thu, 21 Nov 2002 14:29:04 -0800 (PST)
Received: from HAL9000.homeunix.com (12-232-220-15.client.attbi.com [12.232.220.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1E2B643E91; Thu, 21 Nov 2002 14:29:04 -0800 (PST) (envelope-from dschultz@uclink.Berkeley.EDU)
Received: from HAL9000.homeunix.com (localhost [127.0.0.1]) by HAL9000.homeunix.com (8.12.6/8.12.5) with ESMTP id gALMT1m9006444; Thu, 21 Nov 2002 14:29:01 -0800 (PST) (envelope-from dschultz@uclink.Berkeley.EDU)
Received: (from das@localhost) by HAL9000.homeunix.com (8.12.6/8.12.5/Submit) id gALMT1L0006443; Thu, 21 Nov 2002 14:29:01 -0800 (PST) (envelope-from dschultz@uclink.Berkeley.EDU)
Date: Thu, 21 Nov 2002 14:29:01 -0800
From: David Schultz
To: "David G. Andersen"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: File table exhaustion patch
Message-ID: <20021121222901.GC6062@HAL9000.homeunix.com>
Mail-Followup-To: "David G. Andersen", freebsd-security@FreeBSD.ORG
References: <20021121105204.B75421@cs.utah.edu>
In-Reply-To: <20021121105204.B75421@cs.utah.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Thus spake David G. Andersen:
> In PR 45353, I've submitted a patch to reserve a handful of
> file table entries for root-only use, to mitigate the effects
> of user processes that leak file descriptors:
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=45353
>
> Even with per-process file descriptor limits, it's pretty
> easy for a buggy program that does any kind of forking to
> run the system out of file table entries (or for a malicious
> user to do so).
> The patch above is trivial, and at least
> enables root to log in and fix things up a bit. I've been
> running it locally for about a week, and it's happy.
>
> Is the form of the solution acceptable? (And if so, anyone
> interested in committing it to -current for a while? ;-)

Cool! I have two minor comments:

- Use suser(9) for the purpose of checking superuserness.

- Instead of making the default reservation maxfiles/20, a constant
  might be more appropriate. The administrator does not need
  proportionately more file table entries to log in and kill
  misbehaving processes on larger systems.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
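The allocation check the thread is discussing, as an added userland model that is not the patch from PR 45353 nor FreeBSD kernel code: a non-root caller is refused with ENFILE once the system-wide table has only the reserved entries left, while root may allocate up to maxfiles. The names filetable, ft_alloc, ft_free, leak_until_enfile, root_headroom and ROOT_FILE_RESERVE are hypothetical, and cred_is_superuser() is a bare uid-0 comparison standing in for the suser(9) call the reply recommends. The reserve is a constant, as the reply suggests, rather than maxfiles/20.

```c
/*
 * Added example, not the code from PR 45353: a userland model of the
 * file table allocation check the patch adds.  All names are
 * hypothetical; FreeBSD's real check lives in falloc() and should use
 * suser(9) rather than the uid comparison used here as a stand-in.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constant reserve, as suggested in the reply, instead of maxfiles/20. */
#define ROOT_FILE_RESERVE 10

struct ucred {
    unsigned int cr_uid;
};

/* Stand-in for suser(9): only uid 0 counts as the superuser here. */
static bool cred_is_superuser(const struct ucred *cred)
{
    return cred->cr_uid == 0;
}

struct filetable {
    int maxfiles;   /* system-wide limit (kern.maxfiles) */
    int nfiles;     /* entries currently in use */
    int reserve;    /* entries held back for the superuser */
};

void ft_init(struct filetable *ft, int maxfiles, int reserve)
{
    ft->maxfiles = maxfiles;
    ft->nfiles = 0;
    ft->reserve = reserve;
}

/*
 * The decision the kernel would make on each allocation: a non-root
 * caller may not consume the last `reserve` entries; root may allocate
 * up to maxfiles.  Returns 0 on success, ENFILE when the caller's
 * limit has been reached.
 */
int ft_alloc(struct filetable *ft, const struct ucred *cred)
{
    int limit = cred_is_superuser(cred) ? ft->maxfiles
                                        : ft->maxfiles - ft->reserve;
    if (ft->nfiles >= limit)
        return ENFILE;
    ft->nfiles++;
    return 0;
}

void ft_free(struct filetable *ft)
{
    if (ft->nfiles > 0)
        ft->nfiles--;
}

/* A leaking, forking user process: allocate until refused.  Returns the count obtained. */
int leak_until_enfile(struct filetable *ft)
{
    const struct ucred user = { .cr_uid = 1001 };
    int got = 0;
    while (ft_alloc(ft, &user) == 0)
        got++;
    return got;
}

/* How many entries root can still obtain once users are being refused. */
int root_headroom(struct filetable *ft)
{
    const struct ucred root = { .cr_uid = 0 };
    int got = 0;
    while (ft_alloc(ft, &root) == 0)
        got++;
    return got;
}

int main(void)
{
    struct filetable ft;
    ft_init(&ft, 1000, ROOT_FILE_RESERVE);
    printf("user process leaked %d entries before ENFILE\n",
           leak_until_enfile(&ft));
    printf("root can still open %d files\n", root_headroom(&ft));
    return 0;
}
```

With maxfiles set to 1000 the user process stops at 990 entries and root keeps ten; with the proportional default the same system would hold back 50, and a 100000-entry system 5000, which is the reply's objection: the handful an administrator needs to log in and kill the offender does not grow with the machine. Freeing a single entry after the table is full does not let the user back in, because the user's limit is checked against the reserve line, not against maxfiles.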