From owner-freebsd-hackers Tue Aug 24 16:14:32 1999
Date: Tue, 24 Aug 1999 19:13:46 -0400 (EDT)
From: "L. Sassaman"
To: FreeBSD Hackers List
Cc: Marc Olzheim, Greg Lynn
Subject: testsockbuf.c

Has anyone worked out a fix for the socketbuffers problem reported by Marc Olzheim? His exploit is here:

http://www.stack.nl/~marcolz/testsockbuf.c

It was briefly discussed on the freebsd-security and freebsd-stable lists, but no one seemed to have a viable solution. Changing the /etc/login.conf values for the 'maxproc' and 'descriptors' resource limits doesn't change the fact that this program can be uploaded and run as a cgi. It halts FreeBSD 2.2.6, 2.2.8, 3.2.x, as well as variations of OpenBSD and NetBSD.

It's only a matter of time before this hits BugTraq and lands in the hands of the skriptz kiddies; does someone with the ability to work out a solution to this problem want to be proactive?

L. Sassaman

System Administrator  | "Even the most primitive society has
Technology Consultant | an innate respect for the insane."
icq.. 10735603        |
pgp.. finger://ns.quickie.net/rabbi | --Mickey Rourke