Bugtraq mailing list archives

Re: Local Denial-of-Service attack against Linux


From: sullivan () SIKUREZZA ORG (Gigi Sullivan)
Date: Mon, 3 Apr 2000 23:00:24 +0200


Aiee:)

        Hello!


      The issues causing this DoS are apparently more complex than they
may appear; I have followed the discussion on the Linux kernel mailing
list.  There is a patch for the exploit in 2.2.15pre-16 and it is a
noteworthy amount of code.

Jeff

        Well, as I said in my previous post, I did the patch, but I said
        that I'm not sure if my patch is the `right way to do it'.

        However, I downloaded pre-patch-2.2.15pre-16 from
        ftp.kernel.org/pub/linux/kernel/people/alan and this was the patch I found:

        diff -u --new-file --recursive --exclude-from /usr/src/exclude linux.vanilla
/net/unix/af_unix.c linux.15pre16/net/unix/af_unix.c
--- linux.vanilla/net/unix/af_unix.c   Sat Aug 14 02:27:46 1999
+++ linux.15pre16/net/unix/af_unix.c   Tue Mar 28 17:27:52 2000
@@ -969,6 +969,10 @@
         return -ENOTCONN;
   }

+  err = -EMSGSIZE;
+  if (len > sk->sndbuf)
+     goto out;
+
   if (sock->passcred && !sk->protinfo.af_unix.addr)
      unix_autobind(sock);
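
Review bot: the added test len > sk->sndbuf only bounds len from above, and the declarations of len and sk->sndbuf are outside this hunk, so confirm their types before relying on it: if len is signed, a negative value passes the test, and if the two differ in signedness the comparison is done as unsigned. Also, err is set to -EMSGSIZE before the test rather than inside it, so any later goto out below this hunk must assign its own err or a different failure will be reported as EMSGSIZE. A one-line comment stating why a message larger than the send buffer is rejected at this point would help, since the hunk gives no rationale.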

        And this isn't so different from mine (except for the fact that I
        check len > sk->sndbuf - 16, thus limiting the sending buffer.
        [so in that I was wrong]).

Thx a lot!

bye bye

                                                                -- gg sullivan


--
Lorenzo Cavallaro       `Gigi Sullivan' <sullivan () sikurezza org>

Until I loved, life had no beauty;
I did not know I lived until I had loved. (Theodor Korner)


