[OpenAFS] find /afs/ breaking the client?

Steve Devine sdevine@msu.edu
Sun, 04 Feb 2007 09:26:52 -0500

Jakub Witkowski wrote:
> Hello,
> I just ran into a fairly annoying problem:
> One of our students found out, by accident I guess, that running 
> find /afs/ -name whatever
> breaks the AFS client _and_ makes the machine hang on access to _any_
> file anywhere in the file system hierarhy, not only within afs.
> The problem is, this exploit has been successfully used to torpedo exams
> that involved students logging in to our SSH server, also as a general
> DoS style attack.
> Only our cell, wszib.edu.pl, is configured in the client on SSH server.
> Client version is 1.5.14; the system is Linux running as
> unpriviledged guest within Xen.
> Any suggestions?
> Jakub Witkowski.
I would try running the afs-client with the -fakestat-all switch .
See if that makes a diff.

Steve Devine
Network Storage and Printing
Academic Computing & Network Services
Michigan State University

506 Computer Center
East Lansing, MI 48824-1042

Baseball is ninety percent mental; the other half is physical.
- Yogi Berra