ok.. THREATCON(tm) is back up after resolving the previous segv issues.
unfortunately - one of our research boxes was denial of serviced when it
ran out of file descriptors.
openbsd/src/sbin/ancontrol/ancontrol.c
has some code that does this

    main
        if (s)
            close(s);
        return (0);

well.. here at THREATCON research labs, we use execve wrappers around
this binary, where we do a close(0) to cut down on file descriptor usage,
before exec. for the above program, we noticed that the above close(s) didn't
actually close the socket because 0 is a valid file descriptor - and
was returned from a socket call, after we did the close(0). also what
about -1 in the above code? erm, nevermind.
the recommended patch is to remove the condition completely, since before that
it will exit() if socket() fails (where it checks for s < 0).
also. it is suspected that some code out there does fd checks like this

    if (fd <= 0) failure

this is notably incorrect, because as stated prior, 0 is a valid fd.
I recommend full auditing of all error checking associated with obtaining
a fd!
THREATCON status of "gravelly road", did not change with the release of this
advisory.
--
Silvio
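
An added example (not part of the original post, and not OpenBSD's code): a C program that closes fd 0 the way the wrapper described above does, creates a socket, and compares the quoted `if (s) close(s)` cleanup with an unconditional close. The helper names and the AF_INET datagram socket are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* The check the post warns about: treats the valid descriptor 0 as failure. */
static int fd_ok_buggy(int fd)   { return !(fd <= 0); }
/* Correct check: only a negative return value signals failure. */
static int fd_ok_correct(int fd) { return fd >= 0; }

/* A descriptor is open if fcntl(F_GETFD) succeeds on it. */
static int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Cleanup as quoted in the post: skipped when s == 0. */
static void cleanup_buggy(int s) { if (s) close(s); }
/* Recommended fix: close unconditionally (failure was handled earlier). */
static void cleanup_fixed(int s) { close(s); }

struct result { int sock_fd; int leaked_after_buggy; int open_after_fixed; };

static struct result run_demo(void)
{
    struct result r = { -1, 0, 0 };
    int saved = dup(STDIN_FILENO);  /* keep stdin for restore; -1 if already closed */

    close(STDIN_FILENO);            /* what the exec wrapper does before exec */
    r.sock_fd = socket(AF_INET, SOCK_DGRAM, 0);  /* lowest free fd, i.e. 0 */
    if (r.sock_fd >= 0) {
        cleanup_buggy(r.sock_fd);
        r.leaked_after_buggy = fd_is_open(r.sock_fd);
        cleanup_fixed(r.sock_fd);
        r.open_after_fixed = fd_is_open(r.sock_fd);
    }
    if (saved >= 0) {               /* put stdin back for the rest of the process */
        dup2(saved, STDIN_FILENO);
        close(saved);
    }
    return r;
}

int main(void)
{
    struct result r = run_demo();
    printf("socket() returned fd %d\n", r.sock_fd);
    printf("still open after 'if (s) close(s)': %d\n", r.leaked_after_buggy);
    printf("still open after unconditional close: %d\n", r.open_after_fixed);
    printf("fd 0 accepted by 'fd <= 0' check: %d, by 'fd < 0' check: %d\n",
           fd_ok_buggy(0), fd_ok_correct(0));
    return 0;
}
```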