Date:      Mon, 16 Feb 2004 18:12:18 +0300 (MSK)
From:      Maxim Konovalov <maxim@macomnet.ru>
To:        Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc:        current@FreeBSD.org
Subject:   Re: Jails that keep hanging around
Message-ID:  <20040216175831.G39007@news1.macomnet.ru>
In-Reply-To: <20040216140720.GE14639@garage.freebsd.pl>
References:  <200402151714.26631.freebsd-current@webteckies.org> <20040216133617.GD14639@garage.freebsd.pl> <20040216140720.GE14639@garage.freebsd.pl>

On Mon, 16 Feb 2004, 15:07+0100, Pawel Jakub Dawidek wrote:

> On Mon, Feb 16, 2004 at 04:47:25PM +0300, Maxim Konovalov wrote:
> +> > If there are no objections I'm going to commit it tomorrow.
> +>
> +> What I really do not understand is why we do not leak in a non-jail
> +> environment?
>
> I'm sure we are, this is just hard to check, because we don't have
> a list with allocated 'cred' structures.
>
> But try to do your test without a jail and track 2nd column in:
>
> 	# sysctl kern.malloc | grep cred
>
> The number of objects grows when I'm killing the daemon while a connection
> exists. I'm wondering if this cannot be used for some DoS attack.

Can't reproduce:

$ vmstat -m | grep cred
         cred    38     5K      5K    22714  128

[ several nc & telnet tests I port early in a non-jail environment ]

$ vmstat -m | grep cred
         cred    38     5K      5K    22833  128

[ same tests in jail ]

$ vmstat -m | grep cred
         cred    42     6K      6K    23034  128
$ jls
   JID  IP Address      Hostname                      Path
     4  127.0.0.1       j                             /
     3  127.0.0.1       j                             /
     2  127.0.0.1       j                             /
     1  127.0.0.1       j                             /

-- 
Maxim Konovalov
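
Added example, not part of the original message: a small sh helper that compares two `vmstat -m` snapshots for one malloc type, so the in-use count can be checked against the request count after a test run. The function names are hypothetical, the column layout (Type, InUse, MemUse, HighUse, Requests, Size(s)) is an assumption, and the three sample lines are the ones quoted in the message above.

```shell
#!/bin/sh
# Assumed `vmstat -m` columns: Type InUse MemUse HighUse Requests Size(s).
# Only handles malloc type names without spaces (true for "cred").

# malloc_field TYPE FIELDNO: read a snapshot on stdin, print one column.
malloc_field() {
    awk -v t="$1" -v f="$2" '$1 == t { print $f; exit }'
}

# malloc_delta TYPE BEFORE AFTER: print "<InUse delta> <Requests delta>".
malloc_delta() {
    mtype=$1; before=$2; after=$3
    in0=$(printf '%s\n' "$before" | malloc_field "$mtype" 2)
    in1=$(printf '%s\n' "$after"  | malloc_field "$mtype" 2)
    rq0=$(printf '%s\n' "$before" | malloc_field "$mtype" 5)
    rq1=$(printf '%s\n' "$after"  | malloc_field "$mtype" 5)
    if [ -z "$in0" ] || [ -z "$in1" ]; then
        echo "malloc type '$mtype' not found in snapshot" >&2
        return 1
    fi
    echo "$((in1 - in0)) $((rq1 - rq0))"
}

# leak_verdict TYPE BEFORE AFTER: "steady" if InUse did not grow even
# though allocations were requested, otherwise "grew by N".
leak_verdict() {
    d=$(malloc_delta "$@") || return 1
    inuse=${d% *}
    if [ "$inuse" -gt 0 ]; then
        echo "grew by $inuse"
    else
        echo "steady"
    fi
}

# Snapshots copied from the message: baseline, after the non-jail tests,
# after the same tests in a jail.
BASE='         cred    38     5K      5K    22714  128'
NOJAIL='         cred    38     5K      5K    22833  128'
JAIL='         cred    42     6K      6K    23034  128'

echo "non-jail: $(leak_verdict cred "$BASE" "$NOJAIL")"
echo "jail:     $(leak_verdict cred "$NOJAIL" "$JAIL")"
```

On a live system the snapshots would come from `vmstat -m` taken before and after each test run.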


