On Thu, Aug 18, 2005 at 04:03:59PM +0300, Maxim Sobolev wrote: +> > +> >Here is the patch: +> > +> > http://people.freebsd.org/~pjd/patches/cryptodev.c.patch +> > +> >And this bug actually is a local DoS on machines which have HW crypto +> > +> >and crytodev.ko loaded. +> > +> +> > +> +> > +> Thanks! It fixes my RELENG_6 machine. I guess this goes all the way back to RELENG_4 as well then no ? +> > +> > Most likely... +> +> It probably worth a security advisory. It's only a local DoS on systems with crypto HW and /dev/crypto. Note that /dev/crypto is not needed for fast_ipsec(4) with HW acceleration, nor for geli(8). Workaround is also very simple: # chmod 600 /dev/crypto or: # kldunload cryptodev and you can still do crypto work in software. Administrators should not forget about jails as well, where /dev/crypto is visible by default. -- Pawel Jakub Dawidek http://www.wheel.pl pjd_at_FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am!
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:41 UTC