How to take down a system to the point of requiring a newfs
with one line of C (userland)
Wesley Shields
wxs at FreeBSD.org
Mon Feb 18 07:21:18 PST 2008
On Tue, Feb 19, 2008 at 01:14:08AM +1100, Mark Andrews wrote:
>
> > Patient: Doctor, it hurts when I do this!
> >
> > Doctor: Don't do that...
>
> Did you actually bother to read his report?
>
> While his example is used "/", if the report is correct then you
> just need to replace "/" with the path of any file system mount
> point that is world writable like say "/tmp".
>
> Do you have /tmp mounted like this?
> /dev/ad0s4e 507630 162050 304970 35% /tmp
>
> Have you tried using "/tmp" or some other suitable mount point
> before slinging off with the old Doctor joke?
>
> Even if it is only "/", having the system die and not be recoverable
> due to having a excessive number of files in "/" is a critical
> error. I'm sure you have *never* accidently copied a set of files
> to "/" in your life. Me, I know I've made that sort of mistake in
> the past, and as I'm not perfect, I'm sure I'll make that sort of
> mistake at some point in the future. I would however like the
> machine not to fallover when I do make that mistake.
>
> Now why don't you be constructive and verify whether the report is
> valid or not. I don't have a spare machine to test it on so I'm
> not going to attempt it.
I tried this using /tmp/ as argv[1] and it didn't crash a 6.2 machine or
a -current from a few weeks ago. Maybe the number of files has to be
increased? I bumped it up to 100000 and tried on a 6.2 machine, but I
ran out of inodes before I could induce a crash. :)
Maybe I'm doing something wrong?
-- WXS
More information about the freebsd-security
mailing list