soup4you2
August 20th, 2003, 17:42
An improper bounds check in the semget(2) system call can allow a
local user to cause a kernel panic. No privilege escalation is
possible, the attack simply runs the kernel out of memory. The bug
was introduced in OpenBSD 3.3, previous versions of OpenBSD are
unaffected.

The bug has been fixed in OpenBSD-current as well as the 3.3 stable
branch. In addition, a patch is available for OpenBSD 3.3:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch

Credit goes to blexim for finding and reporting the problem.

Strog
August 20th, 2003, 17:55
I was just coming over here to post that.

Foiled again :twisted:

tarballed
August 20th, 2003, 17:56
FUN TIMES! Get to practice my patching here at work. Woot!

Coincidentally, I've been meaning to ask this for some time now. I received this when I went to patch my machine by doing the standard way suggested in the OpenBSD FAQ:

blowfish# patch -p0 < /tmp/002*
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Apply by doing:
| cd /usr/src
| patch -p0 < 002_semget.patch
|
|And then rebuild your kenel and reboot, e.g.
| cd sys/arch/`machine`/conf
| config GENERIC
| cd ../compile/GENERIC
| make depend bsd
| mv /bsd /bsd.old
| cp bsd /
| reboot
|
|Index: sys/kern/sysv_sem.c
|diff -u sys/kern/sysv_sem.c:1.16 sys/kern/sysv_sem.c:1.16.2.1
|--- sys/kern/sysv_sem.c:1.16 Mon Jan 6 17:34:41 2003
|+++ sys/kern/sysv_sem.c Wed Aug 20 14:16:41 2003
--------------------------
File to patch:

Ok...obviously, I'm missing something. But what?
Last week, I downloaded the src.tar.gz tarball and extracted it into /usr

Oh hmm....any ideas on what I'm missing? I must be blind because I sure feel that way today. :(

Tarballed

tarballed
August 20th, 2003, 17:58
Oh, forgot to mention.

In reading the directions in the patch, I don't have a sys directory inside my /usr/src
:shock:

Ooof...Hey, but it's great to learn!!

I just ordered that Absolute OpenBSD book last night for my B-day on Sunday...I'm hoping to retire the newbie status here quickly. hehehe

Tarballed
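
Added example, not part of the thread or of the OpenBSD patch: patch -p0 uses the paths in the patch as written, relative to the current directory, and falls back to the "File to patch:" prompt when a target is not there. The sketch below lists the "Index:" targets of a patch that are absent under a source directory; the function names and the temporary tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report patch targets that do not exist under a source tree.

# missing_patch_targets PATCHFILE SRCDIR
# Prints every path named on an "Index:" line of PATCHFILE that is not a
# regular file under SRCDIR, i.e. the files patch -p0 would prompt for.
missing_patch_targets() {
    patchfile=$1
    srcdir=$2
    sed -n 's/^Index: //p' "$patchfile" | while IFS= read -r target; do
        [ -f "$srcdir/$target" ] || printf '%s\n' "$target"
    done
}

# Constructed demo: a source tree without sys/ (as described in the post),
# checked before and after the kernel file is put in place.
demo_missing_then_present() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/src/lib/libc"
    cat > "$tmp/002_semget.patch" <<'EOF'
Apply by doing:
        cd /usr/src
        patch -p0 < 002_semget.patch

Index: sys/kern/sysv_sem.c
--- sys/kern/sysv_sem.c:1.16
+++ sys/kern/sysv_sem.c
EOF
    before=$(missing_patch_targets "$tmp/002_semget.patch" "$tmp/src")
    mkdir -p "$tmp/src/sys/kern"
    : > "$tmp/src/sys/kern/sysv_sem.c"
    after=$(missing_patch_targets "$tmp/002_semget.patch" "$tmp/src")
    rm -rf "$tmp"
    printf 'before=%s after=%s\n' "$before" "$after"
}

demo_missing_then_present
```

On a real system the call would be `missing_patch_targets /tmp/002_semget.patch /usr/src`; any output means part of the tree the patch expects is not extracted.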

v902
August 20th, 2003, 18:03
Heh, good timing actually :D My Hard Drive got wiped (My parents are very very sadistic and hate me) so I'm just gonna do a netinstall and it's fixed (I believe, they do patch the packages right?)

Strog
August 20th, 2003, 18:07
vlad902:

A release is frozen but you could grab stable from cvs or just grab a binary snapshot if you don't mind a little current action. Current is now marked 3.4beta so maybe it is a good time to take a look at it.

tarballed
August 20th, 2003, 18:16
Could that error mean that I'm missing parts of the source tree?
That is about the only thing I can think of right now.
What strikes me as odd though, if that is the case, is I did download the source tree from openbsd. ftp site....

Anyone care to fill a n00bie in... :oops:

Tar

v902
August 20th, 2003, 19:26
vlad902:

A release is frozen but you could grab stable from cvs or just grab a binary snapshot if you don't mind a little current action. Current is now marked 3.4beta so maybe it is a good time to take a look at it.

Damn you're right, I remember like 2 weeks before 3.3 came out and the sendmail exploit came out and they changed it, I was thinking about that but that was like 1-2 weeks before it came out :/ The laziness that is me :D

cod3fr3ak
August 20th, 2003, 20:21
Sorry tarballed, I have not generated enough courage or time to find out how to patch properly... :(

elmore
August 20th, 2003, 20:31
If you're setting up production OBSD boxes you should really set up a make release box and patch that way. Just a thought. man release and look at minons how-to.

tarballed
August 20th, 2003, 20:37
thanks elmore...

I'll take a look at man release and have a looksie.

Thanks.

T.

tarballed
August 21st, 2003, 13:57
You know, I have to say.

*BSD man pages are 1000% better than Linux man pages.
I just got finished reading over 'man release' for my OpenBSD box and the help in *BSD is night and day over Linux...

Being that we run a lot of Linux boxes here at work, I am constantly flipping through man pages, trying to find what I need.

Here, I flip to one man page and it clearly explains everything...

I really can see why *BSD blows doors on Linux in so many areas. Granted, Linux is not a bad OS and it is much better than Windows, but compared to *BSD, I'm really starting to see the 'light'.

Just thought I'd share this.

Tarballed

tarballed
August 21st, 2003, 14:43
Just a quick question. I'm following the 'man release' instructions as I prepare my OpenBSD box for a production environment.

However, I received a problem when I went to grab the tree:

$ cd /usr/src && cvs up -r OPENBSD_3_3_BASE -Pd
? lib/libc/md4hl.c
? lib/libc/md5hl.c
cvs [update aborted]: cannot remove file CVS/Entries.Static: Permission denied


Maybe, instead I use OPENBSD_3_3 and exclude the BASE?

Hmm..

Tman

frisco
August 22nd, 2003, 03:58
$ cd /usr/src && cvs up -r OPENBSD_3_3_BASE -Pd
? lib/libc/md4hl.c
? lib/libc/md5hl.c
cvs [update aborted]: cannot remove file CVS/Entries.Static: Permission denied


Maybe, instead I use OPENBSD_3_3 and exclude the BASE?


OPENBSD_3_3_BASE is what was frozen when 3.3 was released. This will never change once 3.3 is released. OPENBSD_3_3 is the -stable branch. This will change. You want to get OPENBSD_3_3. Getting OPENBSD_3_3_BASE is equivalent to downloading src.tar.gz from ftp.openbsd.org/pub/OpenBSD/3.3/src.tar.gz. If all you want is BASE, getting the src from ftp will be faster and kinder on the cvs server (ftp is less resource intensive than cvs).

The error you are seeing will be there regardless of which tag you use. The error is "Permission denied", which indicates that the user you are running cvs as does not have permission to overwrite some files in that tree. Look at the permissions on the CVS/Entries.Static file and the uid of your current user; these probably do not match.

Disclaimer: I am currently suffering from severe sleep deprivation.

tarballed
August 22nd, 2003, 18:53
Thanks Frisco...so far it appears to be working...following the directions in 'man release'...

Just came across something that I did not expect and thought I'd post it here:

base: maketars[34]: cannot create /usr/RELEASE/release=/base33.tgz: No such file or directory
pax: Failed write to archive volume: 1: Broken pipe

ATTENTION! pax archive volume change required.
Ready for archive volume: 1
Input archive name or "." to quit pax.

Anything look out of the ordinary? Can I just name it whatever I want?

Just thought I'd ask...

Tar

frisco
August 22nd, 2003, 20:48
What's your RELEASEDIR set to? run `echo $RELEASEDIR`

I'm guessing it's a problem with that var being set incorrectly.

tarballed
August 25th, 2003, 12:32
Hello guys...back from a long weekend...

Yes...looks like that is the problem frisco..I do not have a RELEASEDIR defined...

blowfish# echo $RELEASEDIR
RELEASEDIR: Undefined variable.

Also appears that I put the RELEASEDIR under /usr..

Just out of curiosity, any way to start over? :)

Tarballed