From owner-freebsd-security Sun Sep 5 17:30:57 1999
Delivered-To: freebsd-security@freebsd.org
Received: from janus.syracuse.net (janus.syracuse.net [205.232.47.15])
	by hub.freebsd.org (Postfix) with ESMTP id 88A7014CEF
	for ; Sun, 5 Sep 1999 17:30:55 -0700 (PDT)
	(envelope-from green@FreeBSD.org)
Received: from localhost (green@localhost)
	by janus.syracuse.net (8.9.3/8.8.7) with ESMTP id UAA99066;
	Sun, 5 Sep 1999 20:28:22 -0400 (EDT)
X-Authentication-Warning: janus.syracuse.net: green owned process doing -bs
Date: Sun, 5 Sep 1999 20:28:22 -0400 (EDT)
From: "Brian F. Feldman"
X-Sender: green@janus.syracuse.net
To: Matthew Dillon
Cc: Garrett Wollman , Nick Hibma , FreeBSD -- The Power to Serve , Mike Tancsa , freebsd-security@FreeBSD.org
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To: <199909051637.JAA68325@apollo.backplane.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 5 Sep 1999, Matthew Dillon wrote:

>
> :> old value of ui_sbsize when uip is not NULL. That may make the
> :> problem more obvious.
> :
> :I've gdb'd every crash and it's been something like ui_sbsize = 0x1234
> :delta = -0x2000.
> :
> : Brian Fundakowski Feldman / "Any sufficiently advanced bug is \
>
> 0x1234 could be an indication of a reference to a data structure
> which has been freed.

That would be 0xdeadc0de, but it wasn't actually 0x1234. It was something
else somewhat similar. After tracking down the problem k6_mem.c has,
I may look much more into this.

>
> -Matt
> Matthew Dillon
>
>

--
 Brian Fundakowski Feldman      /  "Any sufficiently advanced bug is \
 green@FreeBSD.org              |   indistinguishable from a feature." |
     FreeBSD: The Power to Serve!       \        -- Rich Kulawiec   /

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message