reiserfs one user DoS?

reiserfs one user DoS?

[Max A. Krasilnikov]

Hi!
I have found such strange thing:

pseudo@avalon at 14:04:00  ~> dd if=/dev/zero of=file bs=1 count=0 seek=1000000000000

After that my Intel Celeron 800 MHz/384M RAM 60G/Seagate U6 under
Linux-2.4.22-grsec on reiserfs was utilized 100% for more than 2 hours.
dd process can't be killed.

Is this my flow or real bug?

-- 
WBR, Max A. Krasilnikov
"Colocall" Internet Data Center

Re: reiserfs one user DoS?

[Hans Reiser]

Max A. Krasilnikov wrote:

>Hi!
>I have found such strange thing:
>
>pseudo@avalon at 14:04:00  ~> dd if=/dev/zero of=file bs=1 count=0 seek=1000000000000
>
>After that my Intel Celeron 800 MHz/384M RAM 60G/Seagate U6 under
>Linux-2.4.22-grsec on reiserfs was utilized 100% for more than 2 hours.
>dd process can't be killed.
>
>Is this my flow or real bug?
>
>  
>
it is fixed in reiser4.  linux has a lot of DOS vulerabilities to logged 
in users, mostly due to the ability to consume all of some resource or 
another.  forgive me for not discussing them publicly.;-)

-- 
Hans

Re: reiserfs one user DoS?

[Christian Kujau]

Hans Reiser schrieb:
> Max A. Krasilnikov wrote:
> 
>> Hi!
>> I have found such strange thing:
>>
>> pseudo@avalon at 14:04:00  ~> dd if=/dev/zero of=file bs=1 count=0 
>> seek=1000000000000
>>
>> After that my Intel Celeron 800 MHz/384M RAM 60G/Seagate U6 under
>> Linux-2.4.22-grsec on reiserfs was utilized 100% for more than 2 hours.
>> dd process can't be killed.
>>
>> Is this my flow or real bug?
>>
>>  
>>
> it is fixed in reiser4.  linux has a lot of DOS vulerabilities to logged 
> in users, mostly due to the ability to consume all of some resource or 
> another.  forgive me for not discussing them publicly.;-)

perhaps "ulimit" could help here.

man bash-builtins, search for "ulimit" then.

Christian.
-- 
BOFH excuse #153:

Big to little endian conversion error

Re: reiserfs one user DoS?

[Erik Tews]

On Sun, Oct 05, 2003 at 06:09:24PM +0200, Christian Kujau wrote:
> Hans Reiser schrieb:
> >>I have found such strange thing:
> >>
> >>pseudo@avalon at 14:04:00  ~> dd if=/dev/zero of=file bs=1 count=0 
> >>seek=1000000000000
> >>
> >>After that my Intel Celeron 800 MHz/384M RAM 60G/Seagate U6 under
> >>Linux-2.4.22-grsec on reiserfs was utilized 100% for more than 2 hours.
> >>dd process can't be killed.
> >>
> >>Is this my flow or real bug?
> >>
> >it is fixed in reiser4.  linux has a lot of DOS vulerabilities to logged 
> >in users, mostly due to the ability to consume all of some resource or 
> >another.  forgive me for not discussing them publicly.;-)
> 
> perhaps "ulimit" could help here.

Really? If I got a process which is unkillable, how can the kernel kill
this process if it runs out of cpu-time?

Re: reiserfs one user DoS?

[Mike Fedyk]

On Mon, Oct 06, 2003 at 01:51:49AM +0200, Erik Tews wrote:
> On Sun, Oct 05, 2003 at 06:09:24PM +0200, Christian Kujau wrote:
> > Hans Reiser schrieb:
> > >>I have found such strange thing:
> > >>
> > >>pseudo@avalon at 14:04:00  ~> dd if=/dev/zero of=file bs=1 count=0 
> > >>seek=1000000000000
> > >>
> > >>After that my Intel Celeron 800 MHz/384M RAM 60G/Seagate U6 under
> > >>Linux-2.4.22-grsec on reiserfs was utilized 100% for more than 2 hours.
> > >>dd process can't be killed.
> > >>
> > >>Is this my flow or real bug?
> > >>
> > >it is fixed in reiser4.  linux has a lot of DOS vulerabilities to logged 
> > >in users, mostly due to the ability to consume all of some resource or 
> > >another.  forgive me for not discussing them publicly.;-)
> > 
> > perhaps "ulimit" could help here.
> 
> Really? If I got a process which is unkillable, how can the kernel kill
> this process if it runs out of cpu-time?

If it is unkillable, you're either talking about kernel bugs or NFS, and
root should be able to kill a user process that has run out of ulimit
resources.

Re: reiserfs one user DoS?

[viro]

On Sun, Oct 05, 2003 at 07:03:42PM -0700, Mike Fedyk wrote:
> On Mon, Oct 06, 2003 at 01:51:49AM +0200, Erik Tews wrote:
> > On Sun, Oct 05, 2003 at 06:09:24PM +0200, Christian Kujau wrote:
> > > Hans Reiser schrieb:
> > > >>I have found such strange thing:
> > > >>
> > > >>pseudo@avalon at 14:04:00  ~> dd if=/dev/zero of=file bs=1 count=0 
> > > >>seek=1000000000000
> > > >>
> > > >>After that my Intel Celeron 800 MHz/384M RAM 60G/Seagate U6 under
> > > >>Linux-2.4.22-grsec on reiserfs was utilized 100% for more than 2 hours.
> > > >>dd process can't be killed.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> > Really? If I got a process which is unkillable, how can the kernel kill
> > this process if it runs out of cpu-time?
> 
> If it is unkillable, you're either talking about kernel bugs or NFS, and
> root should be able to kill a user process that has run out of ulimit
> resources.

Re: reiserfs one user DoS?

[Oleg Drokin]

Hello!

On Sat, Oct 04, 2003 at 03:06:25PM +0300, Max A. Krasilnikov wrote:
> I have found such strange thing:
> pseudo@avalon at 14:04:00  ~> dd if=/dev/zero of=file bs=1 count=0 seek=1000000000000
> After that my Intel Celeron 800 MHz/384M RAM 60G/Seagate U6 under
> Linux-2.4.22-grsec on reiserfs was utilized 100% for more than 2 hours.
> dd process can't be killed.
> Is this my flow or real bug?

This particular problem is fixed in current 2.4 bk tree (and the fix
will be in 2.4.23). Also this problem does not exist in 2.6 for some time now.

Bye,
    Oleg