DoS lockd

A Tru64 client may accidentally crash the lockd process on a Debian server.
I wonder if this "works" on other Linux versions, and if this attack may be
exploited to more than a DoS.

Any followups/replies please send me directly, as I am not subscribed to
the nfs <at> lists.sourceforge.net mailing list.

Cheers,

Paul Szabo - psz <at> maths.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

---

/*
 * There are problems with NFS exporting from a Debian server and mounting on
 * a Tru64 client: a simple F_GETLK request may crash lockd on the server,
 * creating a Denial-of-Service attack. (We can attack a Debian server from
 * any client we can control; from Tru64 we do not even need "root".) I am not
 * sure if this can be leveraged into more than a DoS.
 * 
 * Tested on: Server: Debian woody:
 * root <at> padua:~# uname -a
 * Linux padua.maths.usyd.edu.au 2.4.18 #1 SMP Mon May 13 10:53:31 EST 2002 i686 unknown
 * Client: Tru64 V5.1:
 * # uname -a 
 * OSF1 turin.maths.usyd.edu.au V5.1 732 alpha
 * 
 * We need insecure_locks in /etc/exports for Tru64 clients, see 
 * http://mirror.cse.unsw.edu.au/pub/LDP/HOWTO/NFS-HOWTO/interop.html#TRU64