misc/131290: How to completely freeze FreeBSD 7.1 under a non-privileged user

Sergey ad.sergey at gmail.com
Mon Feb 2 03:10:25 PST 2009


>Number:         131290
>Category:       misc
>Synopsis:       How to completely freeze FreeBSD 7.1 under a non-privileged user
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 02 11:10:09 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Sergey
>Release:        7.0, 7.1
>Organization:
>Environment:
FreeBSD begemot.somehost.lan 7.1-RELEASE-p2 FreeBSD 7.1-RELEASE-p2 #4: Mon Jan 26 10:14:36 MSK 2009     root at begemot.somehost.lan:/usr/obj/usr/src/sys/GENERICULE  amd64
>Description:
Hello.

I think I've come across a way to completely freeze FreeBSD under a non-privileged user. The problem was reproduced on two different computers running FreeBSD 7.0.

Here is what you need to do in order to reproduce the bug:

1. Install Erlang R12B5 using the ports system
2. Download loop.sh and escript.erl from http://gist.github.com/56879 (they are also listed at the end of this letter)
3. Run loop.sh (which in fact just starts escript.erl periodically)
4. Wait until your system freezes

WARNING: after that you won't be able to restart your system in a consistent manner using the current login session or even connect via SSH. The only way to get back to a working system is a hard reset.

I've found that such a freeze is a result of the following Erlang call in the escript.erl:

net_kernel:start([test_node, shortnames])

This call makes it possible to do RPCs to other Erlang nodes from escript.

This bug has never happened to me under Linux (I used Arch Linux for testing).

I didn't send bug reports to either the public Erlang mailing list or the public FreeBSD mailing list, for security reasons. Please let me know if it wouldn't be harmful for FreeBSD to post such a bug report to the public Erlang mailing list.

Contact me if necessary.

Thanks for your work.

-----------------------

#!/usr/bin/env bash
# loop.sh: start escript.erl over and over, sleeping TIME seconds between runs
# (defaults to 5; pass a different number of seconds as the first argument).

TIME=${1-5}

while true; do
    echo 'Running escript...'
    ./escript.erl
    echo "Timeout ($TIME s.)..."
    sleep $TIME
done

------------------------

#!/usr/bin/env escript
% escript.erl

main(_) ->
    % Make sure the Erlang port mapper daemon is running before turning this
    % escript into a distributed node.
    os:cmd("epmd -daemon"),
    io:format(" #1~n"),

    % WARNING: This call causes the system freeze. For this to happen,
    % escript.erl needs to be started several times, so use loop.sh.
    net_kernel:start([test_node, shortnames]),
    io:format(" #2~n"),

    erlang:set_cookie(node(), somecookie),
    io:format(" #3~n").
>How-To-Repeat:
1. Install Erlang R12B5 using the ports system
2. Download loop.sh and escript.erl from http://gist.github.com/56879 (they are also listed at the end of the "Full description" section)
3. Run loop.sh (which in fact just starts escript.erl periodically)
4. Wait until your system freezes
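The report says the machine becomes unreachable and only a hard reset recovers it, which means nothing observed in the session survives. The script below is an added example (it is not part of the report and not from the reporter or the Erlang/FreeBSD projects): a bounded replacement for loop.sh that, before every run of escript.erl, appends the process count and socket count to a log and calls sync(8), so the last sample before the freeze is on disk afterwards. It assumes the report's escript.erl sits in the current directory (override with the ESCRIPT variable), and it uses sockstat(1) where available (FreeBSD), falling back to netstat otherwise; the iteration bound of 50 and the log path are arbitrary choices.

```shell
#!/bin/sh
# repro_trace.sh: run escript.erl a bounded number of times, recording process
# and socket counts before each run and syncing the log to disk so the last
# sample survives the hard reset the report describes.
# Added example, not part of the original report. Assumes ./escript.erl from
# the report (override with ESCRIPT) and sockstat(1) on FreeBSD.

LOG=${LOG:-./repro_trace.log}

# Count processes and open sockets. sockstat is FreeBSD-specific, so fall back
# to netstat on other systems.
count_procs() { ps -ax | wc -l | tr -d ' '; }
count_socks() {
    if command -v sockstat >/dev/null 2>&1; then
        sockstat | wc -l | tr -d ' '
    else
        netstat -an | wc -l | tr -d ' '
    fi
}

# Format one log record: iteration, epoch seconds, process count, socket count.
format_sample() {
    printf 'iter=%s time=%s procs=%s socks=%s\n' "$1" "$2" "$3" "$4"
}

# Append a sample and force it to disk before the next (possibly fatal) run.
record_sample() {
    format_sample "$1" "$(date +%s)" "$(count_procs)" "$(count_socks)" >> "$LOG"
    sync
}

# Run escript.erl $1 times with $2 seconds between runs. escript's own output
# goes to the log too. Prints the number of runs that completed; a run that
# fails to start (e.g. escript.erl missing) stops the loop early.
run_repro() {
    iters=$1; delay=${2:-5}; done_runs=0
    i=1
    while [ "$i" -le "$iters" ]; do
        record_sample "$i"
        "${ESCRIPT:-./escript.erl}" >> "$LOG" 2>&1 || break
        done_runs=$((done_runs + 1))
        sleep "$delay"
        i=$((i + 1))
    done
    echo "$done_runs"
}

# Only start looping when executed directly as repro_trace.sh, not when the
# functions are sourced from another script.
case "${0##*/}" in
    repro_trace.sh) run_repro "${1:-50}" "${2:-5}" ;;
esac
```

Save it as repro_trace.sh next to escript.erl and run `sh repro_trace.sh 50 5`; after the reset, `tail repro_trace.log` shows how many iterations ran and whether the process or socket count was climbing, which is the first thing to check when a non-privileged loop can wedge the whole host.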
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted: