Bugtraq mailing list archives
Re: FreeBSD Security Advisory: FreeBSD-SA-00:19.semconfig
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Fri, 26 May 2000 19:06:45 -0600
If you examine the code in NetBSD (which FreeBSD should have done before claiming that NetBSD was vulnerable as claimed in the alert), you will note that if the exiting process is not using semaphores (i.e. has no `sem_undo' structure allocated for it), then the exiting process will not block, but rather semexit() will simply return.
Here in OpenBSD land, we have discovered the same thing: Only processes which are using semaphores get wedged and unable to exit. Once the wedging is undone, those processes exit normally. Processes not using semaphores are unaffected. Our testing shows that FreeBSD completely wedges solid. It looks like they missed a patch merged into NetBSD in 1994 (and which OpenBSD inherited).

In any case, a patch is available which stops that behaviour in 2.6, and 2.7 does not have this problem. (2.7 is out June 15, if I didn't say that here, I would probably get 50 questions..)

http://www.openbsd.org/errata26.html#semconfig

At the moment, we do not care too much that ipcs(1) cannot provide an atomic snapshot of information; many other utilities do not claim atomic information either.