Locally exploitable races in OpenBSD VFS

my apologies if it ends up submitted twice Let's start with the trivial: good old aliasing bugs. Example 1: dup2 vs. close. Relevant file: kern/kerndescrip.c sysdup2p, v, retval struct proc p; void v; registert retval; snip if uintold = fdp-fdnfiles || fdp-fdofilesold == NULL || uintnew =...