--8w3uRX/HFJGApMzv Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable On Tue, Sep 21, 1999 at 03:50:58PM -0400, Charles M. Hannum wrote: > Here's an interesting denial-of-service attack against FreeBSD >=3D3.0 > systems. It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no > way to purge entries unless the `vnode' (e.g. the file) they point to > is removed from memory -- which generally doesn't happen unless a > certain magic number of `vnodes' is in use, and never happens when the > `vnode' (i.e. file) is open. Thus it's possible to chew up an > arbitrary amount of wired kernel memory relatively simply. This has been addressed and was fixed in src/sys/kern/vfs_cache.c revision 1.38.2.3 before releasing the latest stable FreeBSD-3.3: A tunable sysctl knob `vfs.cache.maxaliases' which defaults to 4 limits the number of cache aliases to a vnode. Bj=F6rn Fischer --=20 (sig_t*)NULL --8w3uRX/HFJGApMzv Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3i iQEVAgUBN+sxDKB/vQdH51t1AQH9UAf/cQ0X/DhxFJA9QNOD3JNTk0zzyc9CBh2r AJsMj8gvbbqKtj11sy5fWrYWHx127MTHIBf0ZgXVeN0VwqKkl+x3iN47DnxfW0FK R9bfl2o/n+pfcksF6MJM93mlYVH43QXiVyFJ2TUEjCDLDJpU2JIAEPPEhYHmqX+e w7yIyPDiDZShS5YJlyxnDiGW2nTAjHE6ioLguYyt0sApBUOa2FEHeGo6FtDLmNjp VuAZCyG6oBJW0byS011x9z5UtMagIW6GWaLbBFMIxIWLBDzQymWjJSQ6LZwogSVg xI7CajU8opsVhX34KTn9G0EEG+oAAIEk0RqnWx00xgOy87x6w4LLMQ== =xXey -----END PGP SIGNATURE----- --8w3uRX/HFJGApMzv--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:04 PDT