Date: Tue, 17 Aug 1999 03:12:28 -0700
From: Ben Lull <blull@PSN.NET.>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1
Description:
A vulnerbility exists in BSDi 4.0.1 Symmetric Multiprocessing
(SMP). During high CPU usage it is possible to cause BSDi 4.0.1
(possibly others but untested) with all current patches to stop
responding and 'lock up' when a call to fstat is made.
Reproduction:
This is very simple to reproduce. Simply run a few instances of
commands which will eat up large amounts of CPU (top -s .1). When
the CPU hits a reasonable amount, begin to run fstat. After the
first 20-30 lines your machine should stop responding.
Solution:
At this time, after consulting BSDi, it has been determined that
this issue has yet to be encountered. The following temporary
fixes should be able to prevent this in the future until BSDi is
able to release an official patch:
1.) Simply chmod 000 to /usr/bin/fstat
2.) Either move or remove /etc/mp.config. During boot, if this
file is not found, BSDi will not boot into SMP mode.
Credits:
_THE MAN_ who ponted this out to me at work the other day (I'm not
sure if you want people knowing your name, you know who you are).
He was the one to discover that there was an issue with BSDi
locking up when a call to fstat was made... I was only the one to
verify this and discover that it was due to SMP (with the help of
the tech from BSDi of course... (You know who you are too, thanks
for your help).
- Ben
*****************************
* Ben Lull *
* PSN Internet Services *
* Jr. Systems Administrator *
*****************************
- I may be a kid, but hey Mom, look at me now!
- The only true type of freedom is that of speech (and a debugger).
