Subject: Re: NetBSD Security Advisory 1999-008
To: None <>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-security
Date: 04/13/1999 02:04:24
In message <> Stefan Grefen writes
>In message <>  matthew green wrote:
>> Topic:		Kernel hang or panic in name lookup under certain circu
>> Version:	NetBSD 1.3.X, NetBSD-current to 19990409, and
>> 			early versions of NetBSD-1.4_ALPHA
>> Severity:	In later versions of -current and in 1.4_ALPHA, unprivileged
>> 			users can panic the system.
>> Abstract
>> ========
>> Unprivileged users can trigger a file-system locking error, causing the
>> system to panic or hang.  The following command sequence will trigger
>> the vulnerability:
>> 	% ln -s ./ test
>> 	% ln -s ./ test
>You can also do a union mount (e.g. mount -F union /usr/src /usr/sup/src) and
>run concurrent lookup/create/change operations on it. (e.g. multiple makes or
>a make and a find)
>This will crash the system with locking errors after some time.
>Having a mounted union-fs also prevents a clean shutdown.
>As unionfs is known to be 'unstable' I haven't submitted a PR.

Same deal with nullfs.
  `config <CONFIGFILE>'; `make -j2' is a good way to reproduce it.