> This does not `freeze' the system per se. What it does is tie up all > the network resources, and make it impossible to any network I/O (even > through Un*x-domain sockets). > > Linux is not generally vulnerable to the exploit as posted, because it > seems to only accept 64512 bytes from the write(2)s, and limit the > file descriptor table to 256 entries (at least by default), thus > making the program chew up less memory. However, a trivial variant > (attached below) causes memory exhaustion on the Linux system I > tested. Interestingly, this did not cause the Linux system to crash, > but it does cause a bunch of processes to be killed -- gpm, klogd, I've posted message titled "linux memory DOS" about 5 days ago to linux-kernel list. This situation is reproducible even without any IO/fork operations, only with memory operations. There are some suggested patches, at least to fix memory problem. Look linux-kernel mailing list archive for more info. > update, crond, and finally the test program itself. So there is still > a denial of service, especially if the program is modified to > continually fork as well (also attached below, although it could be > done a bit better). >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:55 PDT