Simple kernel attack using socketpair.
Ed Schouten
ed at 80386.nl
Sat Nov 27 17:59:53 UTC 2010

On Nov 26, 2010, at 11:26, Ivan Klymenko wrote:
> Rumor has it that this vulnerability applies to FreeBSD too, with the
> replacement SOCK_SEQPACKET on SOCK_DGRAM...
>
> http://lkml.org/lkml/2010/11/25/8
>
> What do you think about this?

I'm not sure, but it seems to be related to some kind of stack overflow in close(), where each close() on a socket generates an additional close() call of the inflight sockets.

--
Ed Schouten <ed at 80386.nl>
WWW: http://80386.nl/