Subject: Re: kern/32842: [Local DoS] SCM_RIGHTS can leak file descriptor resources
To: None <netbsd-bugs@netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 09/06/2006 20:03:03
Christian Biere wrote:
>  Christian Biere wrote:
>  > >Synopsis:	SCM_RIGHTS can leak file descriptor resources
>  > When passing a file descriptor of a socket using SCM_RIGHTS over a
>  > unix domain socket (i.e., AF_LOCAL, SOCK_DGRAM) to a non-existing
>  > socket sendmsg() fails with errno = ENOENT.

It might be a good idea to increase priority or severity of this bug.
I suspect the synopsis is misleading because it does not make clear
that this is a system-wide file descriptor leak as opposed to a
comparatively harmless and common leak in some application.

This bug should be considered as severe as any other local denial of
service vulnerability because there is no apparent workaround (except
disabling unix domain sockets through systrace maybe).  Lowering
resource limits won't help as the leak persists beyond the lifetime of
a process.

For your information, I informed OpenBSD through the "tech" mailing
list and received a public response, indicating that OpenBSD suffers
from the same bug. However, as of yet this has not been fixed in
OpenBSD either.

The bug and proposed fix seem rather obvious and trivial, respectively,
to me. It's also a fairly old bug as far as I can see. Therefore, I'm a
bit surprised that this hasn't been fixed yet. This might be in part
my fault due to assigning too low a severity/priority to this report.

-- 
Christian