Re: Solaris 2.5.1/2.6 fingerd bug

casperHOLLAND.SUN.COM

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Casper Dik: "Re: resend"
• Previous message: Dag-Erling Coidan =?ISO-8859-1?Q?Sm=F8rgrav?=: "YA Apache DoS attack"
• In reply to: Joseph Moran: "Re: Solaris 2.5.1/2.6 fingerd bug"

>> Fiji (jfay) wrote:
>> > try finger hosthosthost....145 times.... This should run the # of
>> > processes in excess of 1500 and shoot the system load up to at least 13.5.
>> >
>> > You can also do a finger hostahostb where hostb is a machine running
>> > 2.5.1 or 2.6. Now this has not been confirmed on Solaris (x86). The bug id
>> > is 4161606 but yet there is no patch available as of today.
>>
>> Yep, same thing happens for x86 running 2.6.
>>
>> ~james
>
>For what it's worth, the two 2.5.1 machines I currently run don't have
>this problem.  Both were installed using 2.5.1 HW:4/97 media and then
>subsequently brought up to Generic_103640-21 via the current (ie. a few
>weeks ago) 2.5.1_Recommended kit.  The machines are a sparc 2 and 10.


There's actually a quite simple workaround (BTW, one finger can't
create 1500 processes; there's a buffer of 512 characters and you
get at most 512 /(1+lenghtofhostname)*2 processes.)

The quick fix is to set the number of processes per user to a acceptable
value by editing /etc/system:


        set maxuprc = 50


This will limit the number of processes per user (not including root, but
including nobody) to a small value.  For certain setups, you can pick
a larger system.

If you dont' want to reboot, it's bit harder, but try:

        adb -wk
        v+0x1c/W<num>


Casper

• Next message: Casper Dik: "Re: resend"
• Previous message: Dag-Erling Coidan =?ISO-8859-1?Q?Sm=F8rgrav?=: "YA Apache DoS attack"
• In reply to: Joseph Moran: "Re: Solaris 2.5.1/2.6 fingerd bug"