Date: Thu, 02 Dec 2004 10:52:20 +0000 From: Colin Percival <colin.percival@wadham.ox.ac.uk> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: Colin Percival <cperciva@FreeBSD.org> Subject: Re: cvs commit: src/sys/compat/linprocfs linprocfs.csrc/sys/fs/procfs procfs_status.c Message-ID: <41AEF3E4.7070408@wadham.ox.ac.uk> In-Reply-To: <20041201225141.GA813@darkness.comp.waw.pl> References: <200412012133.iB1LX2JC019417@repoman.freebsd.org> <20041201225141.GA813@darkness.comp.waw.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
Pawel Jakub Dawidek wrote:
> On Wed, Dec 01, 2004 at 09:33:02PM +0000, Colin Percival wrote:
> +> Fix unvalidated pointer dereference. This is FreeBSD-SA-04:17.procfs.
>
> BTW. Why we don't check sbuf_copyin() return value here?
For the security advisory, I wanted to fix the security problem without
changing the existing behaviour. Right now, if argv is ("hello", NULL,
"world"), then /proc/curproc/cmdline will give you "hello\0\0world\0".
I have no objection to this behaviour being changed on -current, but we can't
change how the security (or arguably, the stable) branches behave now.
Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41AEF3E4.7070408>