Re: Jails that keep hanging around

From: Maxim Konovalov <maxim_at_macomnet.ru>
Date: Mon, 16 Feb 2004 18:12:18 +0300 (MSK)
On Mon, 16 Feb 2004, 15:07+0100, Pawel Jakub Dawidek wrote:

> On Mon, Feb 16, 2004 at 04:47:25PM +0300, Maxim Konovalov wrote:
> +> > If there is no objections I'm going to commit it tomorrow.
> +>
> +> What I really do not understand why we do not leak in non-jail
> +> environment?
>
> I'm sure we are, this is just hard to check, because we don't have
> list with allocated 'cred' structures.
>
> But try to do your test without a jail and track 2nd column in:
>
> 	# sysctl kern.malloc | grep cred
>
> Number of objects grows when I'm killing daemon while connection
> exists. I'm wondering if this cannot be used to some DoS attack.

Can't reproduce:

$ vmstat -m | grep cred
         cred    38     5K      5K    22714  128

[ serveral nc & telnet tests I port early in non-jail environment ]

$ vmstat -m | grep cred
         cred    38     5K      5K    22833  128

[ same tests in jail ]

$ vmstat -m | grep cred
         cred    42     6K      6K    23034  128
$ jls
   JID  IP Address      Hostname                      Path
     4  127.0.0.1       j                             /
     3  127.0.0.1       j                             /
     2  127.0.0.1       j                             /
     1  127.0.0.1       j                             /

-- 
Maxim Konovalov
Received on Mon Feb 16 2004 - 06:12:21 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:43 UTC