From: Marceta Milos
Date: Tue, 22 Jun 2004 15:30:45 +0200
To: des@des.no
cc: alpha@freebsd.org
Subject: Re: FreeBSD/Alpha local DoS
Message-ID: <40D83485.3000708@marcetam.net>
In-Reply-To: <002601c45856$fea84990$020110ac@mm>

Hi,

Thank you for the reply.

>The third, actually - but you should talk to alpha@freebsd.org
>instead. We do not issue security advisories for local denial of
>service vulnerabilities.

Ok. Well, I hope you don't mind if I issue it somewhere. (I would just like to hear from Alpha developers, to know they wrote a solution for it).

>>something like putting :
>>#ifdef ALPHA
>>#define ALIGNED(x) x << 62 ? 0 : 1
>>#endif

>It's not that simple, because alignment requirements exist on other
>platforms as well, and usually vary with the type of data. Since argv
>and envv are pointers to arrays of pointers, we need to check that
>they satisfy the alignment requirements for pointers:

>#define PTR_ALIGNED(x) (((x) & 0x7) == 0)

I agree. Thank you for pointing this out.

>>#ifdef ALPHA
>>if (!ALIGNED(*argv) || !ALIGNED(*env))
>>return -ERROR;
>>#endif

> You need to check argv itself, not what it points to; and "return
> -ERROR" is a Linuxism. The correct incantation in FreeBSD would be
>
>     if (!PTR_ALIGNED(uap->argv) || !PTR_ALIGNED(uap->envv))
>         return (EFAULT);

Sorry for the Linuxism, I just didn't pay attention to it. Just wanted to share the idea. Of course the formal incantation should be respected. Your line looks like a possible workaround.

>which should be at the top of execve() in src/sys/kern/kern_exec.c.
>Actually, we already have an ALIGNED_POINTER() macro on Alpha, AMD64
>and IA64, but we can't use it in MI code since it doesn't exist on all
>platforms. This should be easy to fix.

Please correct me if I am wrong, but src/sys/kern/kern_exec.c is MI code. So, putting the macro ALIGNED_POINTER or PTR_ALIGNED into execve(), in the mentioned file, would actually be putting MD code (since it's not necessary on all platforms) into MI code?

Well, I guess it's easy to fix, but I would just like to hear from someone among the Alpha developers, to see their final idea, solution and patch for this.

Best regards,
Milos Marceta
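
The two alignment tests quoted in this message, side by side, as an added userspace example that is not part of the original mail and is not FreeBSD kernel code. The struct exec_args_sketch, both function names and the sample addresses are constructed for illustration, and ALIGNED_SHIFT is the first proposal with parentheses and a 64-bit cast added so it can be evaluated.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Macro quoted in the reply: true when the low three bits are clear. */
#define PTR_ALIGNED(x) (((x) & 0x7) == 0)

/* First proposal from the thread, parenthesized and widened to 64 bits:
 * shifting left by 62 keeps only the low two bits of the address. */
#define ALIGNED_SHIFT(x) ((((uint64_t)(x)) << 62) ? 0 : 1)

/* Hypothetical stand-in for the syscall arguments. User-supplied addresses
 * are held as integers so nothing here ever dereferences them. */
struct exec_args_sketch {
    uint64_t argv;
    uint64_t envv;
};

/* Check the vector addresses themselves, not what they point to. */
int
check_exec_vectors(const struct exec_args_sketch *uap)
{
    if (!PTR_ALIGNED(uap->argv) || !PTR_ALIGNED(uap->envv))
        return (EFAULT);
    return (0);
}

/* Same check built on the shift-based macro, for comparison only. */
int
check_exec_vectors_shift(const struct exec_args_sketch *uap)
{
    if (!ALIGNED_SHIFT(uap->argv) || !ALIGNED_SHIFT(uap->envv))
        return (EFAULT);
    return (0);
}

int
main(void)
{
    /* Constructed addresses: 8-byte aligned, off by one, off by four. */
    struct exec_args_sketch c[] = {
        { 0x20000, 0x20040 }, { 0x20001, 0x20040 }, { 0x20000, 0x20044 },
    };
    for (size_t i = 0; i < sizeof(c) / sizeof(c[0]); i++)
        printf("argv=%#llx envv=%#llx mask=%d shift=%d\n",
            (unsigned long long)c[i].argv, (unsigned long long)c[i].envv,
            check_exec_vectors(&c[i]), check_exec_vectors_shift(&c[i]));
    return (0);
}
```

The third case is 4-byte but not 8-byte aligned: the mask-based check rejects it with EFAULT while the shift-based one accepts it, since only two low bits survive the shift.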