
This link to the commit log is slightly better:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/head/he...

You're one click away from the diff.





What's with the previous commit about a "DDOS" - it's just changing exit(0) into exit(status)?


There must be more context to that. CVS doesn't have change sets; just from looking at this log, we don't know what else may be related to this.

Maybe some important shell scripts hang in a loop because they expect head to report an unsuccessful termination status when a file doesn't exist. Maybe some situation exists where a privileged system script can be fooled into looping by an unprivileged user.

Here is the mailing list discussion:

https://www.mail-archive.com/misc@openbsd.org/msg132628.html

There is no report of any actual DDoS. Craig Skinner was really just testing tools on nonexistent files!

So the commit comment just follows from some general hypothesis that incorrect exit statuses from tools can be exploited in some way by attackers.


Looks like that's it, and the commit log was probably just sarcastic then. :)



