From: Tor Egge
To: ru@ucb.crimea.ua
Cc: freebsd-bugs@FreeBSD.ORG, torstenb@FreeBSD.ORG
Subject: Re: CPSR #8: identd Denial of Service (fwd)
Date: Tue, 05 Aug 1997 01:19:44 +0200
In-Reply-To: Your message of "Mon, 4 Aug 1997 19:14:17 +0300 (EET DST)"
References: <199708041614.TAA23764@relay.ucb.crimea.ua>
Message-Id: <199708042319.BAA10763@pat.idi.ntnu.no>

> Index: libexec/identd/identd.c
> ===================================================================
> RCS file: /cvs/src/libexec/identd/identd.c,v
> retrieving revision 1.4
> retrieving revision 1.5
> diff -r1.4 -r1.5
> 2c2
> < ** $Id: identd.c,v 1.4 1997/07/23 20:36:27 kstailey Exp $
> ---
> > ** $Id: identd.c,v 1.5 1997/07/29 07:49:31 deraadt Exp $
> 180a181
> > int save_errno = errno;
> 184a186
> > errno = save_errno;

This patch causes the SIGCHLD handler to no longer clobber errno. While this is a bug fix, it should only affect the parent process and remove some bogus "main: select" error messages.

Since the kernel might change during the call to k_getuid(), you still have the problem with possible infinite loops and wrong return values from k_getuid(). Several methods can be used to limit this problem:

1. alarm handler
2. setrlimit(RLIMIT_CPU,...)
3.
count the number of calls to getbuf, and impose a reasonable limit.
4. Move the socket/uid lookup into the kernel (eliminate most of k_getuid). This also eliminates the problem of a wrong value being returned. Negative impact: about 200 bytes kernel bloat.
5. Don't run identd.

I use method 4.

- Tor Egge