From owner-freebsd-hackers Mon Dec 31 8:32: 7 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from scanner.secnap.net (scanner.secnap.net [216.241.67.74]) by hub.freebsd.org (Postfix) with ESMTP id 7C63A37B427; Mon, 31 Dec 2001 08:31:56 -0800 (PST)
Received: (from scheidell@localhost) by scanner.secnap.net (8.11.6/8.11.5) id fBVGVtZ45017; Mon, 31 Dec 2001 11:31:55 -0500 (EST) (envelope-from scheidell)
Message-Id: <200112311631.fBVGVtZ45017@scanner.secnap.net>
Subject: Re: Re: userland program panics freebsd 4.3
In-Reply-To: <20011231165828.D2301@StefanEsser.FreeBSD.org>
To: Stefan Esser
Date: Mon, 31 Dec 2001 11:31:55 -0500 (EST)
Cc: hackers@FreeBSD.org, deraison@cvs.nessus.org
From: Michael Scheidell
X-Loop: scheidell@secnap.net
X-Mailer: ELM [version 2.4ME+ PL92 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk

> > http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32681
>
> The cause is a NULL pointer dereference in that fstatfs system
> call, where some pointer hanging off a vnode is cleared. Nessusd
> tries to read from /proc/PID (for PID = process IDs of plugins
> spawned) in order to see whether some plugin is still running.
> (The second method, used only if there is no PROCFS, is to call
> kill(PID, 0), which will check if a signal could be delivered.
> That method should probably be preferred to the reading of procfs
> anyway, since the latter takes 5 system calls instead of a single
> one in the case of kill() ...)

Would this patch fix it on the nessus side? It SEEMS to be faster.

Also, several 'core dumps' listed on nessusd.messages were in fact
programs that also were listed as finished.

cd ../nessus-core/nessusd

--- utils.c.orig Mon Dec 17 12:02:23 2001 +++ utils.c Mon Dec 31 11:20:12 2001
@@ -898,6 +898,9 @@ if(!pid) return 0; +#ifndef FREEBSD +## panics FREEBSD 4.3 and 4.4, might be fixed in FREEBSD 4.5 + /* * First method : attempt to open /proc/ * (we first check that we can open /proc/ourpid because @@ -917,6 +920,7 @@ else return 0; } +#endif /* * Second method, we attempt to use kill. But first, we * wait() for the process, just in case it's a zombie. -- Michael Scheidell Secnap Network Security, LLC scheidell@secnap.net 1+(561) 368-9561 See updated IT Security News at http://www.fdma.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
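Review bot: In the first hunk (@@ -898,6 +898,9 @@), the added line "## panics FREEBSD 4.3 and 4.4, might be fixed in FREEBSD 4.5" is not a C comment. On every platform where FREEBSD is not defined the guarded block is compiled, that line reaches the compiler as source text, and the build fails. Write it as "/* panics FreeBSD 4.3 and 4.4, might be fixed in 4.5 */". The visible lines also do not show where FREEBSD gets defined; if the nessusd build does not set it, the guard has no effect on FreeBSD, and the compiler-provided __FreeBSD__ is the macro to test instead.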
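Review bot: In the second hunk (@@ -917,6 +920,7 @@), the bare "#endif" closes a guard that removes the /proc check on every FreeBSD release, including any where the panic is fixed, which the added comment itself expects for 4.5. Since the quoted reply notes that kill(PID, 0) takes one system call where the /proc read takes five, consider dropping the first method on all platforms rather than guarding it; if the guard stays, label it "#endif /* !FREEBSD */". Either way this only stops nessusd from triggering the panic: the NULL pointer dereference in fstatfs described in the quoted text remains in the kernel and needs its own fix.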
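The kill(PID, 0) method from the quoted reply, with the wait-for-zombie step the patch context mentions, as an added example that is not part of the original message or of nessusd. The names process_alive and demo_child_lifecycle are hypothetical, and the demo child is constructed.

```c
/* Added example, not nessusd code: liveness check with kill(pid, 0). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: 1 if pid is still running, 0 if it is gone. */
int process_alive(pid_t pid)
{
    pid_t r;

    if (pid <= 0)               /* 0 and negative values mean process groups */
        return 0;
    /* An exited but unreaped child (zombie) still answers kill(pid, 0)
     * with success, so reap it first. WNOHANG keeps this non-blocking. */
    do {
        r = waitpid(pid, NULL, WNOHANG);
    } while (r == -1 && errno == EINTR);
    if (r == pid)
        return 0;
    if (kill(pid, 0) == 0)      /* signal 0: existence/permission check only */
        return 1;
    return errno == EPERM;      /* exists, but owned by another user */
}

/* Constructed demo. Bit 2: child alive while running; bit 1: raw kill(pid, 0)
 * still succeeds on the zombie; bit 0: process_alive() after exit. */
int demo_child_lifecycle(void)
{
    siginfo_t info;
    int before, zombie_kill_ok, after;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {             /* child: sleep until killed */
        pause();
        _exit(0);
    }
    before = process_alive(pid);
    kill(pid, SIGKILL);
    while (waitid(P_PID, pid, &info, WEXITED | WNOWAIT) == -1 && errno == EINTR)
        ;                       /* block until exit, leave the zombie in place */
    zombie_kill_ok = (kill(pid, 0) == 0);
    after = process_alive(pid);
    return (before << 2) | (zombie_kill_ok << 1) | after;
}
```

Treating EPERM as "alive" matters when the checked process runs under a different uid than the caller; without it a still-running process would be reported as finished.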