Full Disclosure mailing list archives
Re: SpenderSEC Advisory #1
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Tue, 22 Jun 2004 18:35:11 +0200 (MET DST)
On Sun, 20 Jun 2004 spendersec () mac hush com wrote:
> The first major problem is present in the OpenBSD patch at [1], where the failure of falloc() results in a continuation of the loop, which can update the value of the error variable, resulting in either fd 0 or fd 1 not being correctly reopened to /dev/null while a successful falloc() for fd 2 sets error to a suitable value.
Old news, Mr Spender(?), see http://www.securityfocus.com/archive/1/10147/1998-07-25/1998-07-31/2 or http://seclists.org/lists/bugtraq/1998/Jul/0376.html
Hmm. In theory, yes. But OpenBSD implementation seems to have a potential small hole. It should abort when it cannot fix everything but it does not. PERHAPS, a temporary resource starvation could break it.
This was sent to Bugtraq (and cc'ed to Theo de Raadt) in 1998.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
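A user-space model of the error-handling pattern discussed in this message, added here as an example; it is not OpenBSD kernel code and not code from either poster. `alloc_slot()`, `fix_stdio_flawed()`, `fix_stdio_strict()` and the failure mask are hypothetical names and constructed inputs, and all three descriptors are assumed to need reopening.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-in for an allocator such as falloc(): fails for every
 * descriptor whose bit is set in fail_mask (constructed test input). */
static int alloc_slot(int fd, unsigned fail_mask) {
    return (fail_mask & (1u << fd)) ? ENFILE : 0;
}

/* Flawed pattern: a failed allocation only skips the current descriptor.
 * The next iteration overwrites error, so a success for fd 2 hides an
 * earlier failure for fd 0 or fd 1 and the caller sees 0. */
int fix_stdio_flawed(unsigned fail_mask, unsigned *reopened) {
    int error = 0;
    *reopened = 0;
    for (int fd = 0; fd < 3; fd++) {
        error = alloc_slot(fd, fail_mask);
        if (error != 0)
            continue;              /* failure is not propagated */
        *reopened |= 1u << fd;     /* models fd now pointing at /dev/null */
    }
    return error;
}

/* Strict pattern: abort on the first failure, so the caller can refuse to
 * continue when not every descriptor could be fixed. */
int fix_stdio_strict(unsigned fail_mask, unsigned *reopened) {
    *reopened = 0;
    for (int fd = 0; fd < 3; fd++) {
        int error = alloc_slot(fd, fail_mask);
        if (error != 0)
            return error;
        *reopened |= 1u << fd;
    }
    return 0;
}

int main(void) {
    unsigned got;
    /* Constructed scenario: allocation for fd 0 fails, fd 1 and fd 2 succeed. */
    int rc = fix_stdio_flawed(1u << 0, &got);
    printf("flawed: rc=%d reopened_mask=0x%x\n", rc, got);
    rc = fix_stdio_strict(1u << 0, &got);
    printf("strict: rc=%d reopened_mask=0x%x\n", rc, got);
    return 0;
}
```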