Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 17 Jul 1999 08:55:28 -0300 (EST)
From:      Paulo Fragoso <paulo@nlink.com.br>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: FreeBSD exploit?
Message-ID:  <Pine.BSF.3.96.990717084540.29894B-100000@mirage.nlink.com.br>
In-Reply-To: <199907152253.PAA13514@apollo.backplane.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 15 Jul 1999, Matthew Dillon wrote:

> :Hi,
> :
> :Has anyone ever read this article:
> :
> :http://www.securityfocus.com/level2/bottom.html?go=vulnerabilities&id=526
> :
> :all version of freebsd has this problem!!!
> :
> :Paulo.
> 
>     Yes, but it isn't an exploit, it's a denial of service attack
>     ( and there is a difference ).

Excuse my mistakes :-)

> 
>     Yes, it appears to be a real bug.  I can set my datasize limit
>     to 16m and then mmap() a 64m file MAP_PRIVATE and touch all the
>     pages without getting a fault.
> 
>     We could conceivably fix it by adding a new resource limit to
>     the system for privately mmap'd space.  But I think, ultimately,
>     the only way to fix it would be to add a per-user VM quota
>     resource that accounts for it properly.

I thought it was more dangerous, because the article is classified
"remote", and someone can remotely use to afsect another system.

Thanks,
Paulo.

> 
> 					-Matt
> 					Matthew Dillon 
> 					<dillon@backplane.com>
> 

------
"  ... Overall we've found FreeBSD to excel in performace, stability,
technical support, and of course price. Two years after discovering
FreeBSD, we have yet to find a reason why we switch to anything else"
						-David Filo, Yahoo!



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990717084540.29894B-100000>