Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race

From: Casper Dik (casperat_private)
Date: Mon Jan 25 1999 - 06:25:46 PST

Next message: DEF CON ZERO WINDOW: "Win98 crash?"

Previous message: Spikeman: "Mirc 5.5 'DCC Server' hole"
Maybe in reply to: D. J. Bernstein: "NetBSD Security Advisory 1999-001: select(2)/accept(2) race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>> 2) Modify the kernel to not remove sockets from the accept(2) queue
>>    when they are closed.  A change that implements this has been added
>>    to NetBSD-current, and is available at:
>>        ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/19990120-accept
>>
>
>This method works well btw. Linux has always done this, (by happy chance). Im
>_amazed_ this bug exists. It was documented/abused/used/fixed in so many
>different places at different times even back in 1990/1991 or so


The same happy coincidence happens in Solaris; accept() done when the
connection is already closed causes an EPROTO error.  (I'd need to check
whether that error disappeared again when native socket calls were
implemented)

Casper

Next message: DEF CON ZERO WINDOW: "Win98 crash?"
Previous message: Spikeman: "Mirc 5.5 'DCC Server' hole"
Maybe in reply to: D. J. Bernstein: "NetBSD Security Advisory 1999-001: select(2)/accept(2) race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:30:28 PDT