[OpenAFS] find /afs/ breaking the client?

Steve Devine sdevine@msu.edu
Sun, 04 Feb 2007 09:26:52 -0500


Jakub Witkowski wrote:
> Hello,
>
> I just ran into a fairly annoying problem:
>
> One of our students found out, by accident I guess, that running 
>
> find /afs/ -name whatever
>
> breaks the AFS client _and_ makes the machine hang on access to _any_
> file anywhere in the file system hierarhy, not only within afs.
>
> The problem is, this exploit has been successfully used to torpedo exams
> that involved students logging in to our SSH server, also as a general
> DoS style attack.
>
> Only our cell, wszib.edu.pl, is configured in the client on SSH server.
>
> Client version is 1.5.14; the system is Linux 2.6.18.1 running as
> unpriviledged guest within Xen.
>
> Any suggestions?
>
> Jakub Witkowski.
>   
I would try running the afs-client with the -fakestat-all switch .
See if that makes a diff.
/sd

-- 
Steve Devine
Network Storage and Printing
Academic Computing & Network Services
Michigan State University

506 Computer Center
East Lansing, MI 48824-1042
1-517-432-7327

Baseball is ninety percent mental; the other half is physical.
- Yogi Berra