Contributed by jose on from the patch--p0-<-file.patch dept.
An insufficient boundary check in the select(2) system calls allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.The patch has been rolled into 3.1-stable, is also available as patch 31 for OpenBSD-3.0 users. Directions on how to apply the patch are in the patchfile itself.
Update Looks like poll(2) is not affected, and Niels Provos has posted a security advisory about this , as well.
(Comments are closed)
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By jose () on http://www.monkey.org/~jose/
By Anonymous Coward () on
By Anonymous Coward () on
Comments
By Josh () josh@greentechnologist.org on http://www.greentechnologist.org
It's the least resource intensive way to keeping up to date.
By Anonymous Coward () on
how many more have been _introduced_ into OpenBSD?
Comments
By Anonymous Coward () on
Go bitch on someone else's boards.
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By Anonymous Coward () on
Comments
By emcis () on
By Anonymous Coward () on
We make fun of dumb OSes like Windows for having the gui built into the kernel, but in some sense, having nfs, or even tcp/ip itself built into the kernel is equally dumb, from a design point of view. There were performance reasons why things had to be done that way but I'm not sure if it matters anymore.
I'm looking forward to being able to try out the Hurd on production stuff, as a possible alternative to OpenBSD, for some uses.
Comments
By Bruce () on
The big drawback of this is that it means you have to do a lot of messaging and even worse a lot of context switching to get anything done, so there is a performance hit, but it helps with fault isolation.
I see this all the time and usually don't bother responding to it any more, but since I'm procrastinating on my work...
Context switching is not necessarily expensive. QNX's operating systems over the years have always been designed with extremely small kernels (like 8kB or so) which essentially only handle message passing, and exceptionally fast context switches.
I worked with QNX back when the 386 was a good desktop. (Yes, I'm *that* old. Older, even.) XENIX was limited to 30 context switches per second, while QNX handled switches on the order of 10 or 20 microseconds. Have a look at their table of times for their current kernel on modern embedded processors at:
http://www.qnx.com/products/ps_neutrino/features.html
Conclusion? Context switches are slow on most OSes because they weren't designed or optimised for speed, not because they couldn't be.
Comments
By Anonymous Coward () on
By Anonymous Coward () on
By Anonymous Coward () on
I also recognize that there are going to be bugs impacting security no matter how talented and well-intentioned the core developers may be, so I'm not about to get upset about bugs like many people posting here.
What would really make me happy, though, would be if I could buy CDs of the fully patched 'stable' branch between full CD releases. No fancy graphics or stickers, perhaps no ports or packages, just the core OS as fixed-up as possible on one CD. Put it in a sleeve to reduce costs further. Maybe burn it in a CD writer, if the market for this service is too small. Or serve the binaries over the net, with checksums delivered separately.
I know source code is the religion here, but am I the only person who would appreciate the OpenBSD equivalent to 'Windows Update'?
Comments
By pachamama () on
seriously, just compile from source. maybe you'll learn something (only say this because of your stated reason for running OpenBSD).
By Anonymous Coward () on
By Anonymous Coward () on
I run STABLE and Generic Kernel...
A quick and easy update that I can run nightly from cron would be wonderful.
Call me troll... I don't care.
By Anonymous Coward () on
By Gerardo Santana Gómez Garrido () santana@openbsd.org.mx on http://www.openbsd.org.mx/~santana/
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By 9370 () on
http://www.trilug.org/~mike/OpenBSD/
By anonymous () me@you.com on mailto:me@you.com