:Venkatesh Srinivas <vsrinivas@dragonflybsd.org> added the comment: : :Commit 2994659f1e6c1ef260241491bceca91c9d2553b3 is a partial fix to the problem; :it does not handle overflows in the spinlock loop path in fdcopy and it is still :possible to make the system unusable with the sample program posted below. : :Perhaps we should also raise the malloc zone limit to maxproc * MAX_FDS_PER_PROC? No, won't work, the maximum will baloon well past any reasonable limit when you try to do that. We have a kern.maxfilesperuser that's supposed to handle that sort of attack, is it not working? It might not be applicable to root though. -Matt Matthew Dillon <dillon@backplane.com>