On Wed, Sep 01, 1999 at 11:30:26AM +1000, Darren Reed wrote: > In some mail from L. Sassaman, sie said: > > This was first posted to the FreeBSD security list on the 9th of August, > > subsequently discussed on freebsd-stable and freebsd-hackers... no one > > seems to care, even though it is able to lock up 2.2.6, 2.2.8, and 3.2.x > > machines consistantly. I have also been told that it affects NetBSD and > > OpenBSD, though I haven't confirmed it. > > > > Someone with the know-how care to fix? > > Fixing this has been discussed internally, I imagine, by many of the > affected OS's. The problem is a resource stavation issue - in this > case mbuf's. Arguably, it shouldn't "lock up", just freeze up anything > that does networking. > > I imagine you could lock up more than just the *BSD's with this program. I have a network monitoring program that I wrote (sysmon), and it has what would be called either a bug or feature. FreeBSD seems to have fixed it, but NetBSD not quite yet, I open up about 100 some sockets and send pings out, and increase my receive buffer large enough that these 100 icmp replies can be held properly to be counted, so I don't decide that a site is down when it is not. In older FreeBSD versions, I would lock the system saying out of mbufs, increase maxusers. No matter how large I increased maxusers that did not work. There is a similar problem with NetBSD currently (that I am aware of), but the program runs as root to take advantage of this. I personally think that it's a bug for the OS to allow (even the superuser) to allocate too many resources to the point of hard locking the machine (as that's what would happen in FreeBSD, and is reported to happen in NetBSD by a reputable person). I haven't released a fix for my code yet, to not allocate so many resources (which is what I should do anyways), but it's not like i'm doing dd if=/dev/zero of=/dev/kmem. There should be limits on any userland process that allow them to return an error if you attempt to allocate all the system resources. - jared -- Jared Mauch | pgp key available via finger from jaredat_private clue++; | http://puck.nether.net/~jared/ My statements are only mine. END OF LINE |
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:37 PDT