Subject: Re: kern/34873 (sendmsg() can cause kernel panic)
To: None <netbsd-bugs@netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 10/23/2006 20:53:59
Elad Efrat wrote:
> Rui Paulo wrote:
> > On Oct 23, 2006, at 11:38 AM, elad@netbsd.org wrote:
> >> Synopsis: sendmsg() can cause kernel panic
> > I'm handling this as a security issue, and no, I haven't been slackin'.

> so you're stalling a fix to a security issue that was already fixed in
> other operating systems for bureaucratic reasons?

Is this really a security issue? In a way it certainly is. However, others like
FreeBSD - and OpenBSD too, I think - handle these kinds of bugs merely as "errata".
In other words, they consider local denial of service attacks - which are
unavoidable even on a bug-free system anyway - not worth a security advisory.
At least, that's how I understand "handling this as a security issue".

Correct me if I'm wrong, but in this case, the panic occurs only if DIAGNOSTIC
is enabled which is not the case in any GENERIC kernels.

For example, I have reported similar issues in the past. On the one hand, some
of these have (rather recently) been considered worthy of formal security
advisories. On the other hand, very similar issues were handled like normal
bugs. Further, I have an open PR in the same domain which causes a local DoS as
well and/or a panic. I'd think publishing an advisory whilst one of these is
still open is even less useful.

-- 
Christian