> This exploit does not affect Linux 2.0.36, or any version of NetBSD. > I have not tested Linux versions >=2.1 (which have a different > implementation of the equivalent code from 2.0.36), but based on code > inspection, I do not believe it to be vulnerable to this particular > attack. Linux actually goes the other way. You can reduce performance as a user by deliberately causing inodes (effectively vnode here) or dentries to be flushed. I don't think you can do it harmfully. > to this problem, if the FreeBSD system is acting as a NFS client, it's > possible to use a variant of the attack that only creates one file and > keeps at most one link to it at any given time. This makes me realise another very funny one. I imagine this works on BSD too but it occured to me as I wrote the email. If you open socket pairs to yourself you can keep thousands of file handles queued up regardless of your file limit. In fact you can even implement fd paging libraries by using the socket as a delay line.. Alan
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:04:46 PDT