Date: Sun, 18 Dec 2005 12:47:06 +0000
From: "Wojciech A. Koszek" <dunstan@freebsd.czest.pl>
To: "Simon L. Nielsen" <simon@freebsd.org>
Cc: Stanislaw Halik <weirdo@tehran.lain.pl>, freebsd-current@freebsd.org, Xin LI <delphij@freebsd.org>
Subject: Re: Easy DoS
Message-ID: <20051218124706.GB79822@FreeBSD.czest.pl>
In-Reply-To: <20051218105421.GB860@zaphod.nitro.dk>
References: <20051216133448.GA10382@beastie.creo.hu> <20051216151016.GE84442@deviant.zoral.local> <a78074950512161033r58ca7c87ycfb97e0b38d64756@mail.gmail.com> <20051218084541.GA54909@tehran.lain.pl> <20051218105421.GB860@zaphod.nitro.dk>

On Sun, Dec 18, 2005 at 11:54:22AM +0100, Simon L. Nielsen wrote:
> On 2005.12.18 09:45:41 +0100, Stanislaw Halik wrote:
> > Xin LI <delphij@gmail.com> wrote:
> > > Patch looks good so I have committed it as sys/kern/sys_pipe.c,v
> > > 1.185. Thanks for the submission!
> >
> > any chances on getting a fast backport to RELENG_6_0?
>
> For that to happen it needs to be in RELENG_6 for a while to make sure
> nothing is broken by the change and then an Errata Notice has to be
> made for the issue. That said, it sounds like a good candidate for an
> Errata Notice.

If you release a notice, a large number of problems will be silently marked
as "skipped", since they have neither had their entries in Release Notes,
nor have been released as a separate errata.

The problem with bugs like that comes over and over again. I have reported
two local DoSes and none of them was a reason for releasing an errata. They
were (quite) serious:

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/if.c?rev=1.199.2.12&content-type=text/x-cvsweb-markup
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/if_clone.c?rev=1.6&content-type=text/x-cvsweb-markup

Also, a problem with PECOFF handling resulted in a local DoS, but I agree it's
not worth documenting, since it's not included by default.

I remember those problems were also serious and involved a similar discussion:

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/fs/devfs/devfs_vnops.c?rev=1.128&content-type=text/x-cvsweb-markup
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/imgact_shell.c?rev=1.31&content-type=text/x-cvsweb-markup
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/imgact_shell.c?rev=1.35&content-type=text/x-cvsweb-markup
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/opencrypto/cryptodev.c?rev=1.25.2.1&content-type=text/x-cvsweb-markup

(even applicable to RELENG_4):

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/opencrypto/cryptodev.c?rev=1.4.2.5&content-type=text/x-cvsweb-markup

There was a plan of updating the security page to note which type of problems
needs to be coordinated with the security officer (local DoSes do not) and
which type of problems qualifies for an errata. Is it still on someone's TODO?

Regards,
--
* Wojciech A. Koszek && dunstan@FreeBSD.czest.pl