Re: [patch] af_unix fix for a panic a DoS and a memory leak [Re:

Alexander Viro (viro@math.psu.edu)
Tue, 2 Mar 1999 19:50:08 -0500 (EST)


D'oh. I've looked into the FreeBSD implementation of AF_UNIX and it's, erm,
funny.
* accept() doesn't return closed connections.
* unp_gc() (their equivalent of unix_gc()) ignores listen queues
* ... and is horribly bad in performance
* connect() behaves as our one does.
* unless they have a limit on the amount of unp (== unix_socket)
  somewhere else they are vulnerable to Andrea's DoS.
OpenBSD security logs:
They've recently found a select()/accept() race (Feb 17). And
fixed it. We were lucky here. Their fix seems to be still vulnerable to
Andrea's DoS (modulo independent enforcement of unp limit). unp_gc()
ignores listen queues (inherited from 4.4BSD).
