Date: Wed, 17 Nov 1999 09:27:42 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Kelly Yancey <kbyanc@posi.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: kernel stack contents visible from userland
Message-ID: <199911171727.JAA64140@apollo.backplane.com>
References: <Pine.BSF.4.05.9911171152270.8195-100000@kronos.alcnet.com>
:
:  Is there any security concern with a portion of the kernel's stack being
:visible from userland? The reason I ask is that while investigating
:another issue, I noticed that stat family of calls (and probably others)
:leave kernel stack contents into userland via spare struct stat fields (I
:imagine other structures have similar behavior with regards to the padding
:between fields for alignment).
:
:  The attached (simple) patch, applied in /sys/kern fixes it for stat and
:family. That is, assuming that this is something that needs fixing :)
:
:--
:Kelly Yancey - kbyanc@posi.net - Richmond, VA

    Since the kernel stack is per-process, I don't think there is any
    security concern. But you've definitely uncovered an undesired trait
    so I think your patch is a good one.

                                        -Matt
                                        Matthew Dillon
                                        <dillon@backplane.com>

:Director of Technical Services, ALC Communications http://www.alcnet.com/
:Maintainer, BSD Driver Database http://www.posi.net/freebsd/drivers/
:Coordinator, Team FreeBSD http://www.posi.net/freebsd/Team-FreeBSD/
:
:--- kern_descrip.c.orig Mon Nov 15 22:11:57 1999 :+++ kern_descrip.c Mon Nov 15 22:27:43 1999 :@@ -548,9 +548,11 @@ : panic("ofstat"); : /*NOTREACHED*/ : } :- cvtstat(&ub, &oub); :...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
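Review bot: the change is made at the cvtstat(&ub, &oub) call site in ofstat (kern_descrip.c) rather than inside the conversion routine, so any other caller of cvtstat would still hand back uncleared spare fields and padding. The quoted hunk is cut off after the removed line, so the replacement cannot be checked here; if it clears oub before converting, consider moving that clear (for example a bzero of the whole destination structure) into cvtstat itself so every caller is covered, and confirm the copy to userland uses sizeof the destination structure, not a field-by-field copy that could miss padding.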
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911171727.JAA64140>
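
The effect described in the quoted question, as an added userland illustration that is not part of the original message or the FreeBSD patch: a record filled field by field and then copied out whole carries whatever bytes were already in its stack slot. The struct `demo_ostat`, the marker byte and the sample values are constructed for this example, and zeroing the slot first is shown as one common remedy, not as the content of the truncated patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record with the same shape of problem as the thread's
 * struct stat: real fields, alignment padding, and spare words. */
struct demo_ostat {
    uint16_t st_mode;       /* usually followed by 2 bytes of padding */
    uint32_t st_size;
    uint32_t st_spare[2];   /* never written by the conversion below */
};

#define STALE 0xA5          /* constructed marker for leftover stack bytes */

/* Field-by-field conversion: touches only the named members. */
static void fill_fields(unsigned char *slot, uint16_t mode, uint32_t size)
{
    memcpy(slot + offsetof(struct demo_ostat, st_mode), &mode, sizeof mode);
    memcpy(slot + offsetof(struct demo_ostat, st_size), &size, sizeof size);
}

/* Models one call: a stack slot holding stale bytes is filled in and then
 * copied out whole. Returns how many stale bytes reach the caller. */
static size_t stale_bytes_copied_out(int zero_first)
{
    unsigned char slot[sizeof(struct demo_ostat)];
    unsigned char user[sizeof(struct demo_ostat)];
    size_t i, leaked = 0;

    memset(slot, STALE, sizeof slot);       /* leftovers from earlier calls */
    if (zero_first)
        memset(slot, 0, sizeof slot);       /* clear padding and spares too */
    fill_fields(slot, 0x81A4, 4096);        /* constructed sample values */
    memcpy(user, slot, sizeof user);        /* stand-in for copyout() */

    for (i = 0; i < sizeof user; i++)
        if (user[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("field-by-field only: %zu stale bytes\n", stale_bytes_copied_out(0));
    printf("zeroed first:        %zu stale bytes\n", stale_bytes_copied_out(1));
    return 0;
}
```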