Date: Sat, 17 Jul 1999 08:55:28 -0300 (EST) From: Paulo Fragoso <paulo@nlink.com.br> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD exploit? Message-ID: <Pine.BSF.3.96.990717084540.29894B-100000@mirage.nlink.com.br> In-Reply-To: <199907152253.PAA13514@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 15 Jul 1999, Matthew Dillon wrote: > :Hi, > : > :Has anyone ever read this article: > : > :http://www.securityfocus.com/level2/bottom.html?go=vulnerabilities&id=526 > : > :all version of freebsd has this problem!!! > : > :Paulo. > > Yes, but it isn't an exploit, it's a denial of service attack > ( and there is a difference ). Excuse my mistakes :-) > > Yes, it appears to be a real bug. I can set my datasize limit > to 16m and then mmap() a 64m file MAP_PRIVATE and touch all the > pages without getting a fault. > > We could conceivably fix it by adding a new resource limit to > the system for privately mmap'd space. But I think, ultimately, > the only way to fix it would be to add a per-user VM quota > resource that accounts for it properly. I thought it was more dangerous, because the article is classified "remote", and someone can remotely use to afsect another system. Thanks, Paulo. > > -Matt > Matthew Dillon > <dillon@backplane.com> > ------ " ... Overall we've found FreeBSD to excel in performace, stability, technical support, and of course price. Two years after discovering FreeBSD, we have yet to find a reason why we switch to anything else" -David Filo, Yahoo! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990717084540.29894B-100000>