On Mon, Feb 16, 2004 at 06:12:18PM +0300, Maxim Konovalov wrote: +> > +> What I really do not understand why we do not leak in non-jail +> > +> environment? +> > +> > I'm sure we are, this is just hard to check, because we don't have +> > list with allocated 'cred' structures. +> > +> > But try to do your test without a jail and track 2nd column in: +> > +> > # sysctl kern.malloc | grep cred +> > +> > Number of objects grows when I'm killing daemon while connection +> > exists. I'm wondering if this cannot be used to some DoS attack. +> +> Can't reproduce: +> +> $ vmstat -m | grep cred +> cred 38 5K 5K 22714 128 +> +> [ serveral nc & telnet tests I port early in non-jail environment ] +> +> $ vmstat -m | grep cred +> cred 38 5K 5K 22833 128 Probably, because no new cred structure is allocated when you run 'nc' without a jail (only this one used by your shell is referenced again). Try to do: # su - <some_user> -c "/usr/local/bin/nc -p 1234 -l 127.0.0.1" -- Pawel Jakub Dawidek http://www.FreeBSD.org pjd_at_FreeBSD.org http://garage.freebsd.pl FreeBSD committer Am I Evil? Yes, I Am!
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:43 UTC