Bugtraq mailing list archives
Re: FreeBSD-specific denial of service
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 22 Sep 1999 19:15:10 +0100
This exploit does not affect Linux 2.0.36, or any version of NetBSD. I have not tested Linux versions >=2.1 (which have a different implementation of the equivalent code from 2.0.36), but based on code inspection, I do not believe it to be vulnerable to this particular attack.
Linux actually goes the other way. You can reduce performance as a user by deliberately causing inodes (effectively vnode here) or dentries to be flushed. I don't think you can do it harmfully.
to this problem, if the FreeBSD system is acting as a NFS client, it's possible to use a variant of the attack that only creates one file and keeps at most one link to it at any given time.
This makes me realise another very funny one. I imagine this works on BSD too but it occured to me as I wrote the email. If you open socket pairs to yourself you can keep thousands of file handles queued up regardless of your file limit. In fact you can even implement fd paging libraries by using the socket as a delay line.. Alan
Current thread:
- Re: fixing all buffer overflows --- random magin numbers nm (Sep 12)
- Re: fixing all buffer overflows --- random magin numbers Crispin Cowan (Sep 13)
- Re: fixing all buffer overflows --- random magin numbers Oliver Xymoron (Sep 17)
- Exploit for proftpd 1.2.0pre6 Tymm Twillman (Sep 20)
- Re: fixing all buffer overflows --- random magin numbers Crispin Cowan (Sep 20)
- BP9909-00: cfingerd local buffer overflow Przemyslaw Frasunek (Sep 21)
- Windows IP source routing attack Dug Song (Sep 21)
- FreeBSD-specific denial of service Charles M. Hannum (Sep 21)
- Re: FreeBSD-specific denial of service Alan Cox (Sep 22)
- Re: FreeBSD-specific denial of service Bjoern Fischer (Sep 24)
- Re: fixing all buffer overflows --- random magin numbers Oliver Xymoron (Sep 17)
- Re: fixing all buffer overflows --- random magin numbers Crispin Cowan (Sep 13)