From bitecode@cyvox.com Mon May  3 16:12:51 1999
Return-Path: <bitecode@cyvox.com>
Received: from cyvox.com (cyvox.com [206.152.182.52])
	by hub.freebsd.org (Postfix) with ESMTP id 54A21156FE
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  3 May 1999 16:12:39 -0700 (PDT)
	(envelope-from bitecode@cyvox.com)
Received: (from bitecode@localhost)
	by cyvox.com (8.9.3/8.9.3) id TAA01038;
	Mon, 3 May 1999 19:11:11 -0400 (EDT)
Message-Id: <199905032311.TAA01038@cyvox.com>
Date: Mon, 3 May 1999 19:11:11 -0400 (EDT)
From: MadSciGuy <bitecode@cyvox.com>
Reply-To: bitecode@cyvox.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: unprivilaged users can use all file descriptors
X-Send-Pr-Version: 3.2

>Number:         11472
>Category:       misc
>Synopsis:       unprivilaged user takes all file descriptors
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May  3 16:20:01 PDT 1999
>Closed-Date:    Mon Jun 21 12:37:18 PDT 1999
>Last-Modified:  Mon Jun 21 12:39:27 PDT 1999
>Originator:     MadSciGuy
>Release:        FreeBSD 3.0-RELEASE i386
>Organization:
>Environment:
	running a 3.0 release, fairly standard install
	

>Description:
	if you use sockets or fopen (or probably anything else that uses
	a file desciptor) and you don't close them, you can eventually use
	up all the descripts on the system, which makes the system almost
	useless. The system should limit the number of open descriptors per
	process to 1024 on this system, however, when the program exceeds
	the 1024 limit, it errors and logs it, but it still gives the file
	descriptor

	This could probably get used as an expliot from a remote system
	if your system runs a service that opens a socket, and will let it hang
	and doesn't keep count of how many sockets there are...
	

>How-To-Repeat:
	I'm guessing a simple code like this should work, but I can't test cuze
	I work off a server, and they don't like it when I force a reboot

	void main(void) {
		while (1)
			fopen("junkfile", "w");
	}

	should work to produce this bug after it runs a while...
	if it doesn't, e-mail me at bitecode@mindspring.com and I will
	send you some code that has (unfourtnally) been tested
	

>Fix:
	None that I know about, I can't find any documentation on a bug like this
	It would be nice if you could contact me about any patches that might be out
	for this bug bitecode@mindspring.com
	


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: steve 
Responsible-Changed-When: Sun May 16 17:04:54 PDT 1999 
Responsible-Changed-Why:  
Misfiled PR. 
State-Changed-From-To: open->closed 
State-Changed-By: hoek 
State-Changed-When: Mon Jun 21 12:37:18 PDT 1999 
State-Changed-Why:  
If you're using the bash shell, 'ulimit -n 100' will limit to 100 the number 
of open descriptors.  For other shells, see their manpage. 

You can also limit open descriptors from login.conf.  See `man 5 login.conf`. 
>Unformatted:
