[9197] in bugtraq
Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race
daemon@ATHENA.MIT.EDU (Casper Dik)
Mon Jan 25 13:07:57 1999
Date: Mon, 25 Jan 1999 15:25:46 +0100
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Sun, 24 Jan 1999 00:40:33 GMT."
<m104DbN-0007U2C@the-village.bc.nu>
>> 2) Modify the kernel to not remove sockets from the accept(2) queue
>> when they are closed. A change that implements this has been added
>> to NetBSD-current, and is available at:
>> ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/19990120-accept
>>
>
>This method works well btw. Linux has always done this, (by happy chance). I'm
>_amazed_ this bug exists. It was documented/abused/used/fixed in so many
>different places at different times even back in 1990/1991 or so

The same happy coincidence happens in Solaris; accept() done when the
connection is already closed causes an EPROTO error. (I'd need to check
whether that error disappeared again when native socket calls were
implemented)

Casper
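
An application-side illustration of the race discussed in this thread, added here and not part of the original message or of the NetBSD patch: the listening socket is made non-blocking, so an accept() issued after select() returns an error instead of blocking when the connection has already gone, and errors such as the EPROTO mentioned for Solaris are treated as retryable. The function and constant names are hypothetical, and the non-blocking listener and the ECONNABORTED case are assumptions not stated in the message.

```c
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum { ACCEPT_RETRY = -1, ACCEPT_FATAL = -2 };  /* hypothetical names */

/* Errors meaning "the pending connection went away", not "listener broken". */
static int accept_error_is_transient(int err)
{
    return err == EWOULDBLOCK || err == EAGAIN || err == ECONNABORTED ||
           err == EPROTO || err == EINTR;
}

/* Loopback listener on an ephemeral port with O_NONBLOCK set; -1 on failure. */
static int make_listener(void)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int fl = fcntl(fd, F_GETFL, 0);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0 ||
        fl < 0 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Call after select() marks lfd readable. Returns the new fd, ACCEPT_RETRY
 * (go back to select()), or ACCEPT_FATAL (the listener itself is unusable). */
static int accept_one(int lfd)
{
    int fd = accept(lfd, NULL, NULL);
    if (fd >= 0) return fd;
    return accept_error_is_transient(errno) ? ACCEPT_RETRY : ACCEPT_FATAL;
}

int main(void)
{
    int lfd = make_listener();
    if (lfd < 0) return 1;
    /* An empty queue is the state left behind when the peer closed first. */
    return accept_one(lfd) == ACCEPT_RETRY ? 0 : 1;
}
```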