Bugtraq mailing list archives

Re: FreeBSD-specific denial of service

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 22 Sep 1999 19:15:10 +0100

This exploit does not affect Linux 2.0.36, or any version of NetBSD.
I have not tested Linux versions >=2.1 (which have a different
implementation of the equivalent code from 2.0.36), but based on code
inspection, I do not believe it to be vulnerable to this particular
attack.


Linux actually goes the other way. You can reduce performance as a user by
deliberately causing inodes (effectively vnode here) or dentries to be
flushed. I don't think you can do it harmfully.

to this problem, if the FreeBSD system is acting as a NFS client, it's
possible to use a variant of the attack that only creates one file and
keeps at most one link to it at any given time.


This makes me realise another very funny one. I imagine this works on
BSD too but it occured to me as I wrote the email.

If you open socket pairs to yourself you can keep  thousands of file handles
queued up regardless of your file limit. In fact you can even implement
fd paging libraries by using the socket as a delay line..

Alan

Current thread:

Re: fixing all buffer overflows --- random magin numbers nm (Sep 12)
- Re: fixing all buffer overflows --- random magin numbers Crispin Cowan (Sep 13)
  - Re: fixing all buffer overflows --- random magin numbers Oliver Xymoron (Sep 17)
    - Exploit for proftpd 1.2.0pre6 Tymm Twillman (Sep 20)
    - Re: fixing all buffer overflows --- random magin numbers Crispin Cowan (Sep 20)
    - BP9909-00: cfingerd local buffer overflow Przemyslaw Frasunek (Sep 21)
    - Windows IP source routing attack Dug Song (Sep 21)
    - FreeBSD-specific denial of service Charles M. Hannum (Sep 21)
    - Re: FreeBSD-specific denial of service Alan Cox (Sep 22)
    - Re: FreeBSD-specific denial of service Bjoern Fischer (Sep 24)