F_RSETLK vs. F_SETLK puzzle resolved -- it is a kernel bug.

Eric Ho eric at picard.sbi.com
Fri Jan 25 04:01:04 AEST 1991


OK, I've been told (and after carefully re-reading fcntl(2)) that F_RSETLK is
used by lockd only.  The man pages DIDN'T WARN ordinary users/applications
NOT to use this flag, however.

Nevertheless, at the very least, the kernel shouldn't panic and in fact
the kernel (or better barf from libc.a) should barf when this flag is
used.

Well, I guess that it is now all up to Sun to plug this hole.  As of now,
any ordinary user can just write several lines of code and bingo,
crash the system (all s/he needs to do is to find an nfs-mounted
file/directory that s/he can get to, and nobody can stop him/her).

+ Eric Ho                          Email: eric at sbi.com
+ Salomon Brothers, Inc.  [SISS]   Phone: (212) 855-3003