Easy DoS

Wojciech A. Koszek dunstan at freebsd.czest.pl
Sun Dec 18 04:44:51 PST 2005


On Sun, Dec 18, 2005 at 11:54:22AM +0100, Simon L. Nielsen wrote:
> On 2005.12.18 09:45:41 +0100, Stanislaw Halik wrote:
> > Xin LI <delphij at gmail.com> wrote:
> > > Patch looks good so I have committed it as sys/kern/sys_pipe.c,v
> > > 1.185.  Thanks for the submission!
> > 
> > any chances on getting a fast backport to RELENG_6_0?
> 
> For that to happen it needs to be in RELENG_6 for a while to make sure
> nothing is broken by the change and then an Errata Notice has to be
> made for the issue.  That said, it sounds like a good candidate for an
> Errata Notice.

If you release a notice, a large number of problems will be silently
marked as "skipped", since they have neither had their entries in
Release Notes, nor have been released as a separate errata. The problem
with bugs like that comes over and over again. I have reported two local
DoSes and none of them was a reason for releasing an errata. They were
(quite) serious:

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/if.c?rev=1.199.2.12&content-type=text/x-cvsweb-markup
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/if_clone.c?rev=1.6&content-type=text/x-cvsweb-markup

Also, a problem with PECOFF handling resulted in a local DoS, but I agree
it's not worth documenting, since it's not included by default. I
remember those problems were also serious and involved similar
discussion:

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/fs/devfs/devfs_vnops.c?rev=1.128&content-type=text/x-cvsweb-markup
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/imgact_shell.c?rev=1.31&content-type=text/x-cvsweb-markup
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/imgact_shell.c?rev=1.35&content-type=text/x-cvsweb-markup
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/opencrypto/cryptodev.c?rev=1.25.2.1&content-type=text/x-cvsweb-markup
(even applicable to RELENG_4):
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/opencrypto/cryptodev.c?rev=1.4.2.5&content-type=text/x-cvsweb-markup

There was a plan to update the security page to note which type of
problems needs to be coordinated with the security officer (local DoSes do
not) and which type of problems classifies for an errata. Is it still on
someone's TODO?

Regards,
-- 
* Wojciech A. Koszek && dunstan at FreeBSD.czest.pl

