From owner-freebsd-security Mon Jan 29 22:52:17 2001 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 367BC37B402; Mon, 29 Jan 2001 22:51:59 -0800 (PST) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id f0U6pvq16959; Mon, 29 Jan 2001 22:51:57 -0800 (PST) Date: Mon, 29 Jan 2001 22:51:57 -0800 From: Alfred Perlstein To: Kris Kennaway Cc: "Brian F. Feldman" , security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:11.inetd [REVISED] Message-ID: <20010129225157.O26076@fw.wintelcom.net> References: <200101300609.f0U69Cf70017@green.dyndns.org> <20010129222903.A79869@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010129222903.A79869@xor.obsecurity.org>; from kris@obsecurity.org on Mon, Jan 29, 2001 at 10:29:03PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Kris Kennaway [010129 22:28] wrote: > On Tue, Jan 30, 2001 at 01:09:11AM -0500, Brian F. Feldman wrote: > > Actually, there were two issues. One was that the permissions weren't > > dropped totally on the way to opening the .fakeid file, and the other was > > that it was not read in a way that would be guaranteed not to block, so by > > creating a named pipe, the user could hang an inetd child. > > Is that really a security issue, though? Just a guess, one could slowly eat away at all available proccess slots. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message