[OpenAFS] find /afs/ breaking the client?

Derrick J Brashear shadow@dementia.org
Sun, 4 Feb 2007 09:36:47 -0500 (EST)


On Sun, 4 Feb 2007, Jakub Witkowski wrote:

> Hello,
>
> I just ran into a fairly annoying problem:
>
> One of our students found out, by accident I guess, that running
>
> find /afs/ -name whatever
>
> breaks the AFS client _and_ makes the machine hang on access to _any_
> file anywhere in the file system hierarchy, not only within afs.
>
> The problem is, this exploit has been successfully used to torpedo exams
> that involved students logging in to our SSH server, also as a general
> DoS style attack.
>
> Only our cell, wszib.edu.pl, is configured in the client on SSH server.
>
> Client version is 1.5.14; the system is Linux 2.6.18.1 running as
> unprivileged guest within Xen.

Well, we haven't recommended 1.5.14 so I'm curious why you chose it, but, 
do you have an oops?

Derrick