Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 31 Dec 2001 11:31:55 -0500 (EST)
From:      Michael Scheidell <scheidell@secnap.net>
To:        Stefan Esser <se@FreeBSD.org>
Cc:        hackers@FreeBSD.org, deraison@cvs.nessus.org
Subject:   Re: Re: userland program panics freebsd 4.3
Message-ID:  <200112311631.fBVGVtZ45017@scanner.secnap.net>
In-Reply-To: <20011231165828.D2301@StefanEsser.FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
> 
> 	http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32681
> 
> The cause is a NULL pointer dereference in that fstatfs system 
> call, where some pointer hanging off a vnode is cleared. Nessusd
> tries to read from /proc/PID (for PID = process IDs of plugins
> spawned) in order to see whether some plugin is still running.
> (The second method, used only if there is no PROCFS, is to call
> kill(PID, 0), which will check if a signal could be delivered.
> That method should probably be prefered to the reading of procfs
> anyway, since the latter takes 5 system calls instead of a single
> one in the case of kill() ...)

would this patch fix it on the nessus side?, and it SEEMS to be faster.
also, several 'core dumps' listed on nessusd.messages werein fact programs
that also were listed as finished.

cd ../nessus-core/nessusd

--- utils.c.orig        Mon Dec 17 12:02:23 2001
+++ utils.c     Mon Dec 31 11:20:12 2001
@@ -898,6 +898,9 @@
  if(!pid)
    return 0;

+#ifndef FREEBSD
+## panics FREEBSD 4.3 and 4.4, might be fixed in FREEBSD 4.5
+
  /*
   * First method : attempt to open /proc/<pid>
   * (we first check that we can open /proc/ourpid because
@@ -917,6 +920,7 @@
  else return 0;
  }

+#endif
   /*
    * Second method, we attempt to use kill. But first, we
    * wait() for the process, just in case it's a zombie.




-- 
Michael Scheidell
Secnap Network Security, LLC
scheidell@secnap.net 1+(561) 368-9561
See updated IT Security News at http://www.fdma.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200112311631.fBVGVtZ45017>