Bugtraq mailing list archives

Re: Serious Linux 2.0.34 security problem

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 1 Jul 1998 17:07:15 +0100

  fcntl(0,F_SETOWN,p);
  s = fcntl(0,F_GETFL,0);
  fcntl(0,F_SETFL,s|O_ASYNC);
  printf("Sending SIGIO - press enter.\n");
  getchar();
  fcntl(0,F_SETFL,s&~O_ASYNC);
  printf("SIGIO send attempted.\n");
  return 0;
}


Well, that looks like one of the class of security problems described
by www.openbsd.org/advisories/signals.  Hasn't anyone else fixed those
problems yet?


Of course Theo if you actually bothered to look back at the Linux sources
you'd see thats an error that crept in and we had SIGIO right way before
the old advisories that predate OpenBSD.

Alan

Current thread:

Re: Serious Linux 2.0.34 security problem Theo de Raadt (Jun 30)
- Re: Serious Linux 2.0.34 security problem Alan Cox (Jul 01)
- 1998 USENIX Annual Technical Conference - Call for Papers Jackson Dodd (Jul 01)
- <Possible follow-ups>
- Re: Serious Linux 2.0.34 security problem Liviu Daia (Jul 01)