Bugtraq mailing list archives

Re: Fw: Insufficient allocations in net/unix/garbage.c (fwd)

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Thu, 4 Dec 1997 14:06:49 +0000

Kernels 2.0.x do not sufficiently allocate space for the internal stack
used for garbage collection on unix domain sockets.  I have neither
examined nor tested 2.1.x kernels.


Two things to note. 1. It does for the standard system configuration which is
1024 fd's so only a custom tuned box is vulnerable, and 2 the fix is vulnerable
to deadlocks. Swap the kmalloc/kfree for vmalloc/vfree as I did when I fixed
this in 2.1 a while ago and all will be well


And yes - its a real bug. I'll try and see its officially buried for all cases
in 2.0.33

Current thread:

Linux inetd.. moOd (Nov 30)
- Re: Linux inetd.. Aleph One (Dec 01)
  - an detailed explaination why land attack works? Feiyi Wang (Nov 29)
    - Possible Solaris 2.6 hole at(1M) sp00n (Dec 02)
    - Re: Possible Solaris 2.6 hole at(1M) Casper Dik (Dec 04)
    - Re: an detailed explaination why land attack works? Bill Paul (Dec 03)
    - Fw: Insufficient allocations in net/unix/garbage.c (fwd) Phillip R. Jaenke (Dec 03)
    - Re: Fw: Insufficient allocations in net/unix/garbage.c (fwd) Alan Cox (Dec 04)
    - Sun Security Bulletin #00159 (fwd) Howie (Dec 03)
    - Sun Security Bulletin #00160 (fwd) Howie (Dec 03)
    - Q165005: Windows NT Slows Down Due to Land Attack Aleph One (Dec 04)
    - Q177539: Windows 95 Stops Responding Because of Land Attack Aleph One (Dec 04)
  - More telnet Daemon Fun Aaron Campbell (Dec 01)
    - Re: More telnet Daemon Fun Elliot Lee (Dec 02)
    - tcsh/Solaris (Re: More telnet Daemon Fun) Peter Radcliffe (Dec 03)
    - scoterm exploit Aleph One (Dec 04)
  - Re: Linux inetd.. Alan Cox (Dec 02)
    - Re: Linux inetd.. Darren Reed (Dec 02)

(Thread continues...)