From owner-freebsd-current@FreeBSD.ORG Sun Dec 18 12:44:51 2005 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 38BB816A41F; Sun, 18 Dec 2005 12:44:51 +0000 (GMT) (envelope-from dunstan@freebsd.czest.pl) Received: from freebsd.czest.pl (freebsd.czest.pl [80.48.250.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id C632B43D6E; Sun, 18 Dec 2005 12:44:41 +0000 (GMT) (envelope-from dunstan@freebsd.czest.pl) Received: from freebsd.czest.pl (freebsd.czest.pl [80.48.250.4]) by freebsd.czest.pl (8.12.10/8.12.9) with ESMTP id jBICl7Px080025; Sun, 18 Dec 2005 12:47:07 GMT (envelope-from dunstan@freebsd.czest.pl) Received: (from dunstan@localhost) by freebsd.czest.pl (8.13.4/8.12.9/Submit) id jBICl7E1080024; Sun, 18 Dec 2005 12:47:07 GMT (envelope-from dunstan) Date: Sun, 18 Dec 2005 12:47:06 +0000 From: "Wojciech A. Koszek" To: "Simon L. Nielsen" Message-ID: <20051218124706.GB79822@FreeBSD.czest.pl> References: <20051216133448.GA10382@beastie.creo.hu> <20051216151016.GE84442@deviant.zoral.local> <20051218084541.GA54909@tehran.lain.pl> <20051218105421.GB860@zaphod.nitro.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline In-Reply-To: <20051218105421.GB860@zaphod.nitro.dk> User-Agent: Mutt/1.4.2.1i Cc: Stanislaw Halik , freebsd-current@freebsd.org, Xin LI Subject: Re: Easy DoS X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Dec 2005 12:44:51 -0000 On Sun, Dec 18, 2005 at 11:54:22AM +0100, Simon L. Nielsen wrote: > On 2005.12.18 09:45:41 +0100, Stanislaw Halik wrote: > > Xin LI wrote: > > > Patch looks good so I have committed it as sys/kern/sys_pipe.c,v > > > 1.185. Thanks for the submission! > > > > any chances on getting a fast backport to RELENG_6_0? > > For that to happen it need to be in RELENG_6 for a while to make sure > nothing is broken by the change and then an Errata Notice has to be > made for the issue. That said, it sounds like a good candidate for an > Errata Notice. If you release a notice, large number of problems will by silently marked as "skipped", since they have neither had their entries in Release Notes, nor have been released as a separate errata. The problem with bugs like that comes over and over again. I have reported two local DoSes and none of them was a reason for releasing an errata. They were (quite) serious: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/if.c?rev=1.199.2.12&content-type=text/x-cvsweb-markup http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/if_clone.c?rev=1.6&content-type=text/x-cvsweb-markup Also problem with PECOFF handling resulted in local DoS, but I agree it's not worth documenting, since it's not included by default. I remember those problems were also serious and involved similar discussion: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/fs/devfs/devfs_vnops.c?rev=1.128&content-type=text/x-cvsweb-markup http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/imgact_shell.c?rev=1.31&content-type=text/x-cvsweb-markup http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/imgact_shell.c?rev=1.35&content-type=text/x-cvsweb-markup http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/opencrypto/cryptodev.c?rev=1.25.2.1&content-type=text/x-cvsweb-markup (even applicable to RELENG_4): http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/opencrypto/cryptodev.c?rev=1.4.2.5&content-type=text/x-cvsweb-markup There was a plan of updating security page to note, which type of problems needs to be coordinated with security officer (local DoSes does not) and which type of problems classifies for an errata. Is it still on someone's TODO? Regards, -- * Wojciech A. Koszek && dunstan@FreeBSD.czest.pl