nfs bug & df: Can I lock up my kernel and overflow this buffer?
Kris Kennaway
kris at obsecurity.org
Mon May 9 21:33:24 PDT 2005
On Mon, May 09, 2005 at 11:14:51PM -0500, Billy Newsom wrote:
> Here's something pretty stupid about either the code in mount, df, or
> both. I'm on the verge of a denial of service if this lasts much
> longer.
Why do you think so?
> When I mount an nfs device more than once, I get this
> ridiculous output from df and mount:
>
> #df
> Filesystem 1K-blocks Used Avail Capacity Mounted on
> /dev/ad0s1a 253678 137554 95830 59% /
> devfs 1 1 0 100% /dev
> /dev/ad0s1e 253678 18 233366 0% /tmp
> /dev/ad0s1f 7782878 3273986 3886262 46% /usr
> /dev/ad0s1d 253678 125386 107998 54% /var
> devfs 1 1 0 100% /var/named/dev
> dell:/nfs 8883912 4104516 4779396 46% /dellbak
> dell:/nfs 8883912 4104516 4779396 46% /dellbak
> dell:/nfs 8883912 4104516 4779396 46% /dellbak
> dell:/nfs 8883912 4104516 4779396 46% /dellbak
> dell:/nfs 8883912 4104516 4779396 46% /dellbak
> dell:/nfs 8883912 4104516 4779396 46% /dellbak
Why's it ridiculous? You mounted it more than once, so it appears
more than once in the list of mounted filesystems.
> * Look at the fsid for /dellbak below, using verbose output. Pretty odd.
Why is it odd? The fsid is by definition different for different
mounts.
Kris
More information about the freebsd-stable
mailing list