From: Manolis Kiagias
Date: Fri, 28 Jan 2011 21:10:16 +0200
Message-ID: <4D431498.8090105@gmail.com>
To: freebsd-security@freebsd.org
In-Reply-To: <4D42FF0E.9030407@tomjudge.com>
Subject: Re: Recent full disclosure post - Local DOS

On 01/28/2011 07:38 PM, Tom Judge wrote:
>
>> This is an IPPROTO_TCP, TCP_NOPUSH with an optval of 0.
>>
>> Can you try making a far simpler program that just does:
>>
>> int optval, s;
>>
>> s = socket(PF_INET, SOCK_STREAM, 0);
>> if (s < 0)
>>     err(1, "socket");
>> optval = 0;
>> if (setsockopt(s, IPPROTO_TCP, TCP_NOPUSH, &optval, sizeof(optval)) < 0)
>>     err(1, "setsockopt");
>>
>> and see if that breaks?
>>
>>
> Hi John,
>
> I can't repeat this with the code you sent. I tried this in a while (1)
> loop and had 4 instances running without issue.
>
> Tom
>
>
FWIW, I can't crash 7.4-RC2 (i386) and 8.2-RC2 (amd64) with either the
original or John's code. Tried both as user and root.