[erlang-bugs] Erlang can completely hang FreeBSD 7.1

Sergey S <>
Mon Feb 2 12:22:53 CET 2009


I've found a serious bug which completely hangs your FreeBSD. I've
been waiting for some time for confirmation that it can be posted in
public mailing lists.

Here is bug-report I wrote to BSD Secure Team some time ago:


I think I've came across a way to completely freeze FreeBSD under a
non-privileged user. The problem was reproduced on two different
computers running FreeBSD 7.0.

Here is what you need to do in order to reproduce the bug:

1. Install Erlang R12B5 using ports system
2. Run loop.sh (which in fact just starts escript.erl periodically)
attached to this letter.
3. Wait until your system freezes

WARNING: after that you won't be able to restart your system in a
consistent manner using current login session or even connect via SSH.
There is only one way to get back into the working system - hard

I've found that such a freeze is a result of the following Erlang call
in the escript.erl:

net_kernel:start([test_node, shortnames])

This call make it possible to do RPC's to another Erlang nodes from escript.

This bug never happens under Linux to me (I used Archlinux for testing).

I didn't write bug reports neither to Erlang public maillist nor to
FreeBSD public maillist because of security purposes. Please let me
know if it won't be harmful for FreeBSD to post such a bug report to
public Erlang maillist.

Contact me if necessary.

Thanks for your work.

When FreeBSD 7.1 came out, I tried to reproduce the bug on the fresh
installed system - it hanged my system as with 7.0.

I've made a simple shell-script (it's attached) causing the problem.
Also I've hanged my system some times to ensure that it's easy for
anybody to reproduce what I'm talking about.

Copy of this letter was sent to freebsd-bugs mailing through FreeBSD
PR system: http://lists.freebsd.org/pipermail/freebsd-bugs/2009-February/034016.html

Of course the lair of the bug is in FreeBSD, not in Erlang, but I hope
that something can be done on the Erlang side. Often it's much easer
to update Erlang than to update the whole production system.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: loop.sh
Type: application/x-sh
Size: 150 bytes
Desc: not available
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20090202/da5e91f7/attachment.sh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: escript.erl
Type: application/octet-stream
Size: 372 bytes
Desc: not available
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20090202/da5e91f7/attachment.obj>

More information about the erlang-bugs mailing list