Date: Tue, 24 Aug 1999 19:13:46 -0400 (EDT)
From: "L. Sassaman" <rabbi@quickie.net>
To: FreeBSD Hackers List <freebsd-hackers@FreeBSD.ORG>
Cc: Marc Olzheim <marcolz@ilse.nl>, Greg Lynn <dglynn@vaview5.vavu.vt.edu>
Subject: testsockbuf.c
Message-ID: <Pine.LNX.4.10.9908241900570.1945-100000@thetis.deor.org>

Has anyone worked out a fix for the socketbuffers problem reported by Marc Olzheim? His exploit is here:

http://www.stack.nl/~marcolz/testsockbuf.c

It was briefly discussed on the freebsd-security and freebsd-stable lists, but no one seemed to have a viable solution. Changing the /etc/login.conf values for the 'maxproc' and 'descriptors' resource limits doesn't change the fact that this program can be uploaded and run as a cgi. It halts FreeBSD 2.2.6, 2.2.8, 3.2.x, as well as variations of OpenBSD and NetBSD.

It's only a matter of time before this hits BugTraq and lands in the hands of the skriptz kiddies; does someone with the ability to work out a solution to this problem want to be proactive?

L. Sassaman

System Administrator                |  "Even the most primitive society has
Technology Consultant               |   an innate respect for the insane."
icq.. 10735603                      |
pgp.. finger://ns.quickie.net/rabbi |                     --Mickey Rourke