From owner-freebsd-security  Thu Jul 15 15:53:48 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
	by hub.freebsd.org (Postfix) with ESMTP id B8EF5155E8
	for <freebsd-security@FreeBSD.ORG>; Thu, 15 Jul 1999 15:53:46 -0700 (PDT)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id PAA13514;
	Thu, 15 Jul 1999 15:53:11 -0700 (PDT)
	(envelope-from dillon)
Date: Thu, 15 Jul 1999 15:53:11 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199907152253.PAA13514@apollo.backplane.com>
To: Paulo Fragoso <paulo@nlink.com.br>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD exploit?
References:  <Pine.BSF.3.96.990715181051.8607A-100000@mirage.nlink.com.br>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:Hi,
:
:Has anyone ever read this article:
:
:http://www.securityfocus.com/level2/bottom.html?go=vulnerabilities&id=526
:
:all version of freebsd has this problem!!!
:
:Paulo.

    Yes, but it isn't an exploit, it's a denial of service attack
    ( and there is a difference ).

    Yes, it appears to be a real bug.  I can set my datasize limit
    to 16m and then mmap() a 64m file MAP_PRIVATE and touch all the
    pages without getting a fault.

    We could conceivably fix it by adding a new resource limit to
    the system for privately mmap'd space.  But I think, ultimately,
    the only way to fix it would be to add a per-user VM quota
    resource that accounts for it properly.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message