Full Disclosure mailing list archives
THREATCON back up!
From: silvio () big net au (silvio () big net au)
Date: Mon, 30 Sep 2002 00:04:17 -0700
ok.. THREATCON(tm) is back up after resolving the previous segv issuess. unfortunately - one of our research boxes was denial of serviced when it ran out of file descriptors. openbsd/src/sbin/ancontrol/ancontrol.c has some code that does this main if (s) close(s); return (0); well.. here at THREATCON research labs, we use execve wrappers around this binary, where we do a close(0) to cut down on file descriptor usage, before exec. for the above program, we noticed that the above close(s) didn't actually close the socket because 0 is a valid file descriptor - and was returned from a socket call, after we did the close(0) also what about -1 in the above code? erm, nevermind. the recommended patch is to remove the condition competely, since before that it will exit() if socket() fails (where it checks for s < 0). also. it is suspected that some code out there does fd checks like this if (fd <= 0) failure this is noteably incorrect, because as stated prior, 0 is a valid fd. I recommend full auditing of all error checking associated with obtaining a fd! THREATCON status of "gravelly road", did not change with the release of this advisory. -- Silvio
Current thread:
- THREATCON back up! silvio () big net au (Sep 30)
- THREATCON back up! Ka (Sep 30)