From: silvio at big.net.au (silvio@....net.au)
Subject: THREATCON back up!

ok.. THREATCON(tm) is back up after resolving the previous segv issues.

unfortunately - one of our research boxes was denial of serviced when it
ran out of file descriptors.

openbsd/src/sbin/ancontrol/ancontrol.c

has some code that does this

main
	if (s)
		close(s);
	
	return (0);

well.. here at THREATCON research labs, we use execve wrappers around
this binary, where we do a close(0) to cut down on file descriptor usage,
before exec.  for the above program, we noticed that the above close(s) didn't
actually close the socket because 0 is a valid file descriptor - and
was returned from a socket call, after we did the close(0).  also what
about -1 in the above code?  erm, nevermind.

the recommended patch is to remove the condition completely, since before that
it will exit() if socket() fails (where it checks for s < 0).

also. it is suspected that some code out there does fd checks like this

if (fd <= 0) failure

this is notably incorrect, because as stated prior, 0 is a valid fd.

I recommend full auditing of all error checking associated with obtaining
a fd!

THREATCON status of "gravelly road", did not change with the release of this
advisory.

--
Silvio
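
Added example, not part of the original post and not code from OpenBSD: a C program that recreates the close(0)-before-socket situation described above and compares the `if (s) close(s)` and `fd <= 0` patterns with checks that treat only negative values as invalid. The helper names and the use of an AF_UNIX datagram socket (chosen so it runs without a network) are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Cleanup as quoted in the post: a socket that landed on fd 0 is never closed. */
static void close_buggy(int s) { if (s) close(s); }
/* Corrected cleanup: only negative values are not descriptors. */
static void close_fixed(int s) { if (s >= 0) close(s); }
/* Failure checks: the "fd <= 0" form from the post and the correct "fd < 0". */
static int failed_buggy(int fd) { return fd <= 0; }
static int failed_fixed(int fd) { return fd < 0; }
/* Recreate the wrapper's close(0), then open a socket so it lands on fd 0. */
static int socket_on_fd0(int *saved_stdin) {
    *saved_stdin = dup(0);                  /* -1 if stdin was already closed */
    close(0);
    return socket(AF_UNIX, SOCK_DGRAM, 0);  /* lowest free descriptor, i.e. 0 */
}

static void restore_stdin(int saved) {
    close(0);                               /* drops a leaked socket, if any */
    if (saved >= 0) { dup2(saved, 0); close(saved); }
}

/* 1 if the socket is still open after cleanup (leaked), 0 if closed, -1 on setup error. */
int leaks_fd0(int use_fixed) {
    int saved, s = socket_on_fd0(&saved);
    if (s != 0) { if (s > 0) close(s); restore_stdin(saved); return -1; }
    if (use_fixed) close_fixed(s); else close_buggy(s);
    int leaked = fcntl(s, F_GETFD) != -1;   /* still a valid descriptor? */
    restore_stdin(saved);
    return leaked;
}

/* 1 if a valid socket on fd 0 is misreported as a failure, 0 if accepted, -1 on setup error. */
int rejects_fd0(int use_fixed) {
    int saved, s = socket_on_fd0(&saved);
    int rejected = (s != 0) ? -1 : (use_fixed ? failed_fixed(s) : failed_buggy(s));
    if (s > 0) close(s);
    restore_stdin(saved);
    return rejected;
}

int main(void) {
    printf("if (s) close(s): leaked=%d, fixed: leaked=%d\n", leaks_fd0(0), leaks_fd0(1));
    printf("fd <= 0: rejected=%d, fd < 0: rejected=%d\n", rejects_fd0(0), rejects_fd0(1));
    return 0;
}
```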
