Subject: Re: NetBSD Security Advisory 1999-008
To: matthew green <mrg@eterna.com.au>
From: Stefan Grefen <grefen@hprc.tandem.com>
List: tech-security
Date: 04/13/1999 09:04:03
In message <26497.923972993@eterna.com.au> matthew green wrote:
>
> Topic: Kernel hang or panic in name lookup under certain circumstances
> Version: NetBSD 1.3.X, NetBSD-current to 19990409, and
> early versions of NetBSD-1.4_ALPHA
> Severity: In later versions of -current and in 1.4_ALPHA, unprivileged
> users can panic the system.
>
>
> Abstract
> ========
>
> Unprivileged users can trigger a file-system locking error, causing the
> system to panic or hang. The following command sequence will trigger
> the vulnerability:
>
> % ln -s ./ test
> % ln -s ./ test
You can also do a union mount (e.g. mount -F union /usr/src /usr/sup/src) and
run concurrent lookup/create/change operations on it (e.g. multiple makes or
a make and a find).
This will crash the system with locking errors after some time.
Having a mounted union-fs also prevents a clean shutdown.
As unionfs is known to be 'unstable' I haven't submitted a PR.
Stefan
--
Stefan Grefen Tantau Software International Inc.
grefen@hprc.tandem.com stefan.grefen@tantau.de
--- Hacking's just another word for nothing left to kludge. ---