[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040622181322.3795.0@argo.troja.mff.cuni.cz>
From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky)
Subject: SpenderSEC Advisory #1
On Sun, 20 Jun 2004 spendersec@....hush.com wrote:
> The first major problem is present in the OpenBSD patch in at [1],
> where the failure of falloc() results in a continuation of the loop,
> which can update the value of the error variable, resulting in either
> fd 0 or fd 1 not being correctly reopened to /dev/null while a
> successful falloc() for fd 2 sets error to a suitable value.
Old news, Mr Spender(?),
see http://www.securityfocus.com/archive/1/10147/1998-07-25/1998-07-31/2
or http://seclists.org/lists/bugtraq/1998/Jul/0376.html
> Hmm. In theory, yes. But OpenBSD implementation seems to have a
> potential small hole. It should abort when it cannot fix everything
> but it does not. PERHAPS, a temporary resource starvation could break
> it.
This was sent that to Bugtraq (and cc'ed to Theo de Raadt) in 1998.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
Powered by blists - more mailing lists