From owner-freebsd-security@FreeBSD.ORG Mon Feb 18 13:23:07 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6B30616A46C; Mon, 18 Feb 2008 13:23:07 +0000 (UTC) (envelope-from des@des.no) Received: from tim.des.no (tim.des.no [194.63.250.121]) by mx1.freebsd.org (Postfix) with ESMTP id 21B0E13C4D1; Mon, 18 Feb 2008 13:23:06 +0000 (UTC) (envelope-from des@des.no) Received: from tim.des.no (localhost [127.0.0.1]) by spam.des.no (Postfix) with ESMTP id 5BF4F2083; Mon, 18 Feb 2008 14:23:00 +0100 (CET) X-Spam-Tests: AWL X-Spam-Learn: disabled X-Spam-Score: -0.3/3.0 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on tim.des.no Received: from ds4.des.no (des.no [80.203.243.180]) by smtp.des.no (Postfix) with ESMTP id 46FD9207F; Mon, 18 Feb 2008 14:23:00 +0100 (CET) Received: by ds4.des.no (Postfix, from userid 1001) id 2A84F8449D; Mon, 18 Feb 2008 14:23:00 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Jim Bryant References: <47B90868.7000900@electron-tube.net> Date: Mon, 18 Feb 2008 14:23:00 +0100 In-Reply-To: <47B90868.7000900@electron-tube.net> (Jim Bryant's message of "Sun\, 17 Feb 2008 22\:24\:08 -0600") Message-ID: <86odae5rgr.fsf@ds4.des.no> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.1 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-fs@freebsd.org, freebsd-security@freebsd.org, FreeBSD-bugs@freebsd.org, freebsd-stable@freebsd.org Subject: Re: How to take down a system to the point of requiring a newfs with one line of C (userland) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Feb 2008 13:23:07 -0000 Jim Bryant writes: > #include > #include > > int main(int argc, char **argv) { int i; char buf[1024]; bzero(buf, 1024)= ; for(i =3D 0; i < 10000; i++) { sprintf(buf, "touch %s%05d\n", argv[1], i)= ; system((const char *)buf);} return(0);} Subject should be "how to take down a system [...] with three lines of badly written C, provided you have root privileges already and are too lazy to just dd if=3D/dev/zero of=3D/dev/ad0s1 count=3D100", which would accomplish the job much faster. Purely in the interest of showing off, here is my version. It is 81 bytes shorter than yours, it is valid C99 with POSIX extensions (yours is not), and it produces 11,450 files in about 0.2% of the time yours takes to produce 10,000. #include #define b(i,v) for(int v=3D48;v<127;++v){f[i]=3Dv; #define a(i) b(i,v##i) int main(void){char f[5]=3D{'/'};a(1)a(2)a(3)truncate(f,0);}}}} DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no