Hi, Ted Unangst wrote on Sun, Jul 19, 2015 at 10:26:19AM -0400: > Sevan Janiyan wrote:
>> The feature was actually added to ensure whatever cat was meant >> to be reading from was indeed a plain file and not another >> which could block a process. >> "Use cat -f to avoid denial of service attacks by people >> who make .rhosts files fifos." >> http://mail-index.netbsd.org/source-changes/2000/01/14/0069.html > hmm, well, security(8) in openbsd is a perl script that doesn't > exec cat, so this wouldn't help solve that problem. > > now, looking at security, it seems there may be an issue > if it tries to open a blocking file, but that will need > solving there, not in cat. I don't think we are vulnerable. If my analysis is accurate, the only user-controlled files we open in security(8) are ~/.rhosts and ~/.shosts in check_rhosts_content(). However, there is next unless -s $filename; right before the open(), and for fifos, -s returns false: Both test(1) and perl(1) consider fifos zero-length, so security(8) won't attempt to open such fifos. I confirmed that by creating such a fifo in my home directory, and security(8) did not hang, but it did complain about some permissions on the fifo. So, i don't see any need for action at this point. (Andrew, do you agree?) Yours, Ingo
