Easy DoS

Kostik Belousov kostikbel at gmail.com
Fri Dec 16 07:10:46 PST 2005


On Fri, Dec 16, 2005 at 02:34:48PM +0100, Csaba Henk wrote:
> Do
> 
> echo 'main() { write(1, 0, 1); }' > edos.c
> gcc -o edos edos.c
> ./edos | cat
> 
> ... and now the edos process gets stuck in the write syscall, unkillably,
> keeping the CPU spinning. (Seen on my 6.0-RELEASE and 7.0-CURRENT boxen.)
> 
> Is it a bug or a feature?
> 
> Csaba

Sure, it is a bug :).

Please, try the following patch (against 7-CURRENT,
shall work for 6-STABLE too):

--- src-pristine/sys/kern/sys_pipe.c    Mon Jul 11 11:33:58 2005
+++ src-quotas/sys/kern/sys_pipe.c      Fri Dec 16 17:03:01 2005
@@ -1176,6 +1176,8 @@
                                        ("Pipe buffer overflow"));
                        }
                        pipeunlock(wpipe);
+                       if (error != 0)
+                               break;
                } else {
                        /*
                         * If the "read-side" has been blocked, wake it up now.
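
Review bot: The new `if (error != 0) break;` after `pipeunlock(wpipe);` carries no comment explaining why the loop must stop at this point, and the assignment to `error` that it tests lies outside the visible context. A one-line comment above the check would help, noting that a failed copy from the user buffer (the `write(1, 0, 1)` case from the report) would otherwise make no progress and leave the loop spinning. Placing the check after `pipeunlock(wpipe)` looks right, since the lock is released before leaving the loop; it is still worth confirming that the code following the loop performs the same cleanup on this exit as on the loop's other exit paths.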

Best regards,
Kostik Belousov


More information about the freebsd-current mailing list