Date: Mon, 10 May 1999 12:01:06 -0700
From: Don Lewis <Don.Lewis@tsc.tdk.com>
To: Nate Williams <nate@mt.sri.com>, Don Lewis <truckman@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern uipc_usrreq.c
Message-ID: <199905101901.MAA24520@salsa.gv.tsc.tdk.com>
In-Reply-To: Nate Williams <nate@mt.sri.com> "Re: cvs commit: src/sys/kern uipc_usrreq.c" (May 10, 12:41pm)

On May 10, 12:41pm, Nate Williams wrote:
} Subject: Re: cvs commit: src/sys/kern uipc_usrreq.c
} > truckman 1999/05/10 11:36:37 PDT
} >
} > Modified files: (Branch: RELENG_3)
} > sys/kern uipc_usrreq.c
} > Log:
} > MFC: Fix descriptor leak provoked by KKIS.05051999.003b exploit code.
}
} David G. backed out the code that caused the leak, so will this do bad
} things now? Should the 'security fix' be brought back in?

I'm pretty sure that's a different leak. The KKIS (unintentionally I think) exploits a bug in the code that implements the passing of descriptors across Unix domain datagram sockets. If there is a failure in the middle of the operation, there is an extra reference to the descriptor which is being passed that gets orphaned.

The reason I think this exploit is unintentional in FreeBSD >= 3.1, is that it exploits another bug in older versions of FreeBSD that pretty quickly provokes a panic. The descriptor leak takes longer to DoS the machine.

BTW, should someone prepare a patch for both bugs in 2.2.X?

I haven't observed the other leak. It looks like a problem with stream sockets.