Date: Sat, 27 Nov 2010 18:59:50 +0100 From: Ed Schouten <ed@80386.nl> To: Ivan Klymenko <fidaj@ukr.net> Cc: hackers@freebsd.org Subject: Re: Simple kernel attack using socketpair. Message-ID: <9543140C-4B74-49FE-986C-FF029123416B@80386.nl> In-Reply-To: <20101126122639.4fd47cba@ukr.net> References: <20101126122639.4fd47cba@ukr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Nov 26, 2010, at 11:26, Ivan Klymenko wrote: > Rumor has it that this vulnerability applies to FreeBSD too, with the > replacement SOCK_SEQPACKET on SOCK_DGRAM... >=20 > http://lkml.org/lkml/2010/11/25/8 >=20 > What do you think about this? I'm not sure, but it seems to be related to some kind of stack overflow = in close(), where each close() on a socket generates an additional = close() call of the inflight sockets. --=20 Ed Schouten <ed@80386.nl> WWW: http://80386.nl/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9543140C-4B74-49FE-986C-FF029123416B>