Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999_1

Bugtraq archives for 1st quarter (Jan-Mar) 1999: Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race

Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race

Casper Dik (casperHOLLAND.SUN.COM)
Mon, 25 Jan 1999 15:25:46 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Spikeman: "Mirc 5.5 'DCC Server' hole"
Previous message: Seth McGann: "Re: Advisory: IIS FTP Exploit/DoS Attack"
In reply to: Alan Cox: "Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race"

>> 2) Modify the kernel to not remove sockets from the accept(2) queue
>>    when they are closed.  A change that implements this has been added
>>    to NetBSD-current, and is available at:
>>        ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/19990120-accept
>>
>
>This method works well btw. Linux has always done this, (by happy chance). Im
>_amazed_ this bug exists. It was documented/abused/used/fixed in so many
>different places at different times even back in 1990/1991 or so


The same happy coincidence happens in Solaris; accept() done when the
connection is already closed causes an EPROTO error.  (I'd need to check
whether that error disappeared again when native socket calls were
implemented)

Casper

Next message: Spikeman: "Mirc 5.5 'DCC Server' hole"
Previous message: Seth McGann: "Re: Advisory: IIS FTP Exploit/DoS Attack"
In reply to: Alan Cox: "Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race"