Date: Sun, 26 Mar 2000 13:36:50 +0200
From: Manfred Spraul <manfreds@colorfullife.com>
I overlooked that when I updated the message queue code: you could
kill the computer by sending lots of 0-byte messages to a SysV
message queue :-/
Also, as another example, send the following packet sequence to a BSD
tcp stack:
last byte in window
last 2 bytes in window
last 3 bytes in window
last 4 bytes in window
For a long time (I don't know if it is fixed now) you could use this
to make the kernel allocate "rcvbuf factorial" bytes of space per
socket on a BSD machine. (It's not a very useful remote DoS because
you have to create a real connection and thus give away your identity
to perform the attack)
I know at least FreeBSD fixed the Unix fd passing leak, so they
probably fixed this particular TCP nasty as well.
Later,
David S. Miller
davem@redhat.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Mar 31 2000 - 21:00:17 EST