From: dima@best.net (Dima Ruban)
Organization: HackerDome
To: Don.Lewis@tsc.tdk.com (Don Lewis)
Cc: nate@mt.sri.com (Nate Williams), truckman@FreeBSD.org (Don Lewis), cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern uipc_usrreq.c
Date: Mon, 10 May 1999 12:05:26 -0700 (PDT)
Message-Id: <199905101905.MAA29210@burka.rdy.com>
In-Reply-To: <199905101901.MAA24520@salsa.gv.tsc.tdk.com> from Don Lewis at "May 10, 1999 12:01:06 pm"

Don Lewis writes:
> I'm pretty sure that's a different leak. The KKIS (unintentionally I
> think) exploits a bug in the code that implements the passing of
> descriptors across Unix domain datagram sockets. If there is a failure in
> the middle of the operation, there is an extra reference to the descriptor
> which is being passed that gets orphaned. The reason I think this exploit
> is unintentional in FreeBSD >= 3.1, is that it exploits another bug in
> older versions of FreeBSD that pretty quickly provokes a panic. The
> descriptor leak takes longer to DoS the machine.
>
> BTW, should someone prepare a patch for both bugs in 2.2.X?

I was just gonna suggest this. We still use 2.x-stable in the production
environment.

>
> I haven't observed the other leak. It looks like a problem with stream
> sockets.
>

-- dima