Ten Year Old "Critical" Bug Discovered In OpenBSD

Written by Michael Larabel in BSD on 6 October 2014 at 02:48 PM EDT. 40 Comments
BSD
While OpenBSD generally prides itself on being a secure, open-source operating system and focusing more on code corectness and security rather than flashy features, it turns out a potential security bug has been living within OpenBSD for the past decade.

Phoronix German reader "FRIGN" wrote in to Phoronix this afternoon with a subject entitled, "10 year old critical bug in OpenBSD discovered." He pointed out a post today about a bug discovered in OpenBSD's polling subsystem that could allow DDoS-style attacks on servers, "a critical bug in the polling-subsystem in OpenBSD has been uncovered which allows DDoS-attacks on servers using a non-standard derivation from the POSIX-standard in marking file descriptors non-readable when they should return EOF."

The post pointed out is this message by Dimitris Papastamos, "I am using select(2) on a FIFO fd and monitoring for readability. select(2) doesn't return after the writer exits. The same piece of code marks the fd as readable on Linux."

It appears this issue has been around since February of 2004 with this commit, "FIFO fixes adapted from FreeBSD."
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week