[15088] in bugtraq


Re: FreeBSD Security Advisory: FreeBSD-SA-00:19.semconfig

daemon@ATHENA.MIT.EDU (Theo de Raadt)
Sun May 28 16:03:26 2000

Message-Id:  <200005270106.e4R16jD25122@cvs.openbsd.org>
Date:         Fri, 26 May 2000 19:06:45 -0600
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Your message of "Fri, 26 May 2000 16:48:28 PDT." 
              <20000526164828.F352@dr-evil.z.zembu.com>

> If you examine the code in NetBSD (which FreeBSD should have done before
> claiming that NetBSD was vulnerable as claimed in the alert), you will
> note that if the exiting process is not using semaphores (i.e. has no
> `sem_undo' structure allocated for it), then the exiting process will
> not block, but rather semexit() will simply return.

Here in OpenBSD land, we have discovered the same thing:

    Only processes which are using semaphores get wedged and unable
    to exit.  Once the wedging is undone, those processes exit
    normally.

    Processes not using semaphores are unaffected.

Our testing shows that FreeBSD completely wedges solid.  It looks like
they missed a patch merged into NetBSD in 1994 (and which OpenBSD
inherited).

In any case, a patch is available which stops that behaviour in 2.6,
and 2.7 does not have this problem.  (2.7 is out June 15, if I didn't
say that here, I would probably get 50 questions..)

    http://www.openbsd.org/errata26.html#semconfig

At the moment, we do not care too much that ipcs(1) cannot provide an
atomic snapshot of information; many other utilities do not claim atomic
information either.
