Ten Year Old "Critical" Bug Discovered In OpenBSD
While OpenBSD generally prides itself on being a secure, open-source operating system that focuses on code correctness and security rather than flashy features, it turns out a potential security bug has been living within OpenBSD for the past decade.
German Phoronix reader "FRIGN" wrote in to Phoronix this afternoon with the subject line "10 year old critical bug in OpenBSD discovered." He pointed to a post from today about a bug discovered in OpenBSD's polling subsystem that could allow DDoS-style attacks on servers: "a critical bug in the polling-subsystem in OpenBSD has been uncovered which allows DDoS-attacks on servers using a non-standard derivation from the POSIX-standard in marking file descriptors non-readable when they should return EOF."
The post in question is a message by Dimitris Papastamos: "I am using select(2) on a FIFO fd and monitoring for readability. select(2) doesn't return after the writer exits. The same piece of code marks the fd as readable on Linux."
It appears this issue has been around since February of 2004 with this commit, "FIFO fixes adapted from FreeBSD."
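A small check for the behaviour described in the quoted report, given here as an added example that is neither the reporter's code nor part of the original article: it opens a FIFO for reading, lets a writer process open it and exit, then asks select(2) whether the read end is readable. The function name, the scratch path under /tmp and the 2-second timeout are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/select.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if select() marks the FIFO readable (EOF) after its only writer
 * has exited, 0 if select() times out instead, -1 on a setup error. */
int fifo_eof_is_readable(int timeout_sec)
{
    char dir[] = "/tmp/fifo-eof-XXXXXX";   /* constructed scratch location */
    char path[64], c;
    int result = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof(path), "%s/fifo", dir);
    /* O_NONBLOCK lets the read end open before any writer exists. */
    int rfd = mkfifo(path, 0600) == 0 ? open(path, O_RDONLY | O_NONBLOCK) : -1;
    pid_t pid = rfd >= 0 ? fork() : -1;
    if (pid == 0) {                        /* writer: open, close, exit */
        close(open(path, O_WRONLY));       /* close(-1) is harmless if open fails */
        _exit(0);
    }
    if (pid > 0) {
        waitpid(pid, NULL, 0);             /* the writer is gone from here on */
        fd_set rset;
        FD_ZERO(&rset);
        FD_SET(rfd, &rset);
        struct timeval tv = { .tv_sec = timeout_sec, .tv_usec = 0 };
        int n = select(rfd + 1, &rset, NULL, NULL, &tv);
        /* Ready for reading plus a 0-byte read means EOF was reported. */
        if (n == 1 && FD_ISSET(rfd, &rset) && read(rfd, &c, 1) == 0)
            result = 1;
        else if (n == 0)
            result = 0;
    }
    if (rfd >= 0) close(rfd);
    unlink(path);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = fifo_eof_is_readable(2);
    printf("EOF marked readable: %s\n", r == 1 ? "yes" : r == 0 ? "no" : "error");
    return r != 1;
}
```

A return of 1 matches what the report describes on Linux; a return of 0 means select(2) timed out, which is the behaviour the report describes on OpenBSD.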