On Tue, Sep 21, 1999 at 03:50:58PM -0400, Charles M. Hannum wrote:
> Here's an interesting denial-of-service attack against FreeBSD >=3.0
> systems. It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no
> way to purge entries unless the `vnode' (e.g. the file) they point to
> is removed from memory -- which generally doesn't happen unless a
> certain magic number of `vnodes' is in use, and never happens when the
> `vnode' (i.e. file) is open. Thus it's possible to chew up an
> arbitrary amount of wired kernel memory relatively simply.
This has been addressed and was fixed in src/sys/kern/vfs_cache.c
revision 1.38.2.3 before releasing the latest stable FreeBSD-3.3:
A tunable sysctl knob `vfs.cache.maxaliases' which defaults to 4
limits the number of cache aliases to a vnode.
Bj�rn Fischer
--
(sig_t*)NULL
PGP signature
