Jails that keep hanging around
Maxim Konovalov
maxim at macomnet.ru
Mon Feb 16 07:12:21 PST 2004
On Mon, 16 Feb 2004, 15:07+0100, Pawel Jakub Dawidek wrote:
> On Mon, Feb 16, 2004 at 04:47:25PM +0300, Maxim Konovalov wrote:
> +> > If there is no objections I'm going to commit it tomorrow.
> +>
> +> What I really do not understand why we do not leak in non-jail
> +> environment?
>
> I'm sure we are, this is just hard to check, because we don't have
> list with allocated 'cred' structures.
>
> But try to do your test without a jail and track 2nd column in:
>
> # sysctl kern.malloc | grep cred
>
> Number of objects grows when I'm killing daemon while connection
> exists. I'm wondering if this cannot be used to some DoS attack.

Can't reproduce:

$ vmstat -m | grep cred
cred 38 5K 5K 22714 128

[ several nc & telnet tests I port early in non-jail environment ]

$ vmstat -m | grep cred
cred 38 5K 5K 22833 128

[ same tests in jail ]

$ vmstat -m | grep cred
cred 42 6K 6K 23034 128

$ jls
JID IP Address Hostname Path
4 127.0.0.1 j /
3 127.0.0.1 j /
2 127.0.0.1 j /
1 127.0.0.1 j /

--
Maxim Konovalov
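
The before/after comparison used in this thread, as an added example that is not part of the original message: a small sh helper that pulls the InUse count for one malloc type out of saved `vmstat -m` output and reports the change. The function names are hypothetical, the column order (Type InUse MemUse HighUse Requests Size) is assumed from the output quoted above, and the sample snapshots are the three `cred` lines from the message.

```shell
#!/bin/sh
# Added example: track growth of a kernel malloc type between two
# `vmstat -m` snapshots. Assumes single-word type names and the column
# order Type InUse MemUse HighUse Requests Size(s).

# Print the InUse column for malloc type $1, reading vmstat -m text on
# stdin. Exits non-zero if the type is not present in the snapshot.
malloc_inuse() {
    awk -v t="$1" '
        $1 == t { print $2; found = 1; exit }
        END     { if (!found) exit 1 }'
}

# Print "before after delta" for type $1, given two snapshot strings
# ($2 = earlier, $3 = later). Returns 2 if either snapshot lacks the type.
malloc_delta() {
    before=$(printf '%s\n' "$2" | malloc_inuse "$1") || return 2
    after=$(printf '%s\n' "$3" | malloc_inuse "$1") || return 2
    echo "$before $after $((after - before))"
}

# Succeeds (exit 0) only when InUse grew between the two snapshots,
# i.e. objects allocated during the test were not freed afterwards.
malloc_grew() {
    set -- $(malloc_delta "$1" "$2" "$3") || return 2
    [ "$3" -gt 0 ]
}

# Snapshots copied from the message above.
SNAP_START='cred 38 5K 5K 22714 128'    # before any test
SNAP_NOJAIL='cred 38 5K 5K 22833 128'   # after the non-jail tests
SNAP_JAIL='cred 42 6K 6K 23034 128'     # after the same tests in a jail

echo "non-jail: $(malloc_delta cred "$SNAP_START" "$SNAP_NOJAIL")"
echo "jail:     $(malloc_delta cred "$SNAP_NOJAIL" "$SNAP_JAIL")"
```

On a live system the snapshot strings would come from `vmstat -m` captured before and after each test run.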