lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 20 Apr 2007 16:58:24 -0700 (PDT)
From:	David Miller <>
Subject: Re: [PATCH 3/4] PPPOE: memory leak when socket is release()d
 before PPPIOCGCHAN has been called on it

From: Michal Ostrowski <>
Date: Tue, 13 Mar 2007 09:09:34 -0500

> below you find a patch that fixes a memory leak when a PPPoE socket is
> release()d after it has been connect()ed, but before the PPPIOCGCHAN ioctl
> ever has been called on it.
> This is somewhat of a security problem, too, since PPPoE sockets can be
> created by any user, so any user can easily allocate all the machine's
> RAM to non-swappable address space and thus DoS the system.
> Is there any specific reason for PPPoE sockets being available to any
> unprivileged process, BTW? After all, you need a packet socket for the
> discovery stage anyway, so it's unlikely that any unprivileged process
> will ever need to create a PPPoE socket, no? Allocating all session IDs
> for a known AC is a kind of DoS, too, after all - with Juniper ERXes,
> this is really easy, actually, since they don't ever assign session ids
> above 8000 ...
> Signed-off-by: Florian Zumbiehl <>
> Acked-by: Michal Ostrowski <>

Applied to net-2.6.22
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists