Date: Mon, 16 Feb 2004 18:12:18 +0300 (MSK) From: Maxim Konovalov <maxim@macomnet.ru> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: current@FreeBSD.org Subject: Re: Jails that keep hanging around Message-ID: <20040216175831.G39007@news1.macomnet.ru> In-Reply-To: <20040216140720.GE14639@garage.freebsd.pl> References: <200402151714.26631.freebsd-current@webteckies.org> <20040216133617.GD14639@garage.freebsd.pl> <20040216140720.GE14639@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 16 Feb 2004, 15:07+0100, Pawel Jakub Dawidek wrote: > On Mon, Feb 16, 2004 at 04:47:25PM +0300, Maxim Konovalov wrote: > +> > If there is no objections I'm going to commit it tomorrow. > +> > +> What I really do not understand why we do not leak in non-jail > +> environment? > > I'm sure we are, this is just hard to check, because we don't have > list with allocated 'cred' structures. > > But try to do your test without a jail and track 2nd column in: > > # sysctl kern.malloc | grep cred > > Number of objects grows when I'm killing daemon while connection > exists. I'm wondering if this cannot be used to some DoS attack. Can't reproduce: $ vmstat -m | grep cred cred 38 5K 5K 22714 128 [ serveral nc & telnet tests I port early in non-jail environment ] $ vmstat -m | grep cred cred 38 5K 5K 22833 128 [ same tests in jail ] $ vmstat -m | grep cred cred 42 6K 6K 23034 128 $ jls JID IP Address Hostname Path 4 127.0.0.1 j / 3 127.0.0.1 j / 2 127.0.0.1 j / 1 127.0.0.1 j / -- Maxim Konovalov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040216175831.G39007>