Date:      Wed, 17 Nov 1999 09:27:42 -0800 (PST)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Kelly Yancey <kbyanc@posi.net>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: kernel stack contents visible from userland
Message-ID:  <199911171727.JAA64140@apollo.backplane.com>
References:   <Pine.BSF.4.05.9911171152270.8195-100000@kronos.alcnet.com>

:
:  Is there any security concern with a portion of the kernel's stack being
:visible from userland? The reason I ask is that while investigating
:another issue, I noticed that the stat family of calls (and probably others)
:leave kernel stack contents into userland via spare struct stat fields (I
:imagine other structures have similar behavior with regards to the padding
:between fields for alignment).
:
:  The attached (simple) patch, applied in /sys/kern fixes it for stat and
:family. That is, assuming that this is something that needs fixing :)
:
:--
:Kelly Yancey  -  kbyanc@posi.net  -  Richmond, VA

    Since the kernel stack is per-process, I don't think there is any 
    security concern.  But you've definitely uncovered an undesired
    trait so I think your patch is a good one.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

:Director of Technical Services, ALC Communications  http://www.alcnet.com/
:Maintainer, BSD Driver Database       http://www.posi.net/freebsd/drivers/
:Coordinator, Team FreeBSD        http://www.posi.net/freebsd/Team-FreeBSD/
:
:--- kern_descrip.c.orig	Mon Nov 15 22:11:57 1999
:+++ kern_descrip.c	Mon Nov 15 22:27:43 1999
:@@ -548,9 +548,11 @@
: 		panic("ofstat");
: 		/*NOTREACHED*/
: 	}
:-	cvtstat(&ub, &oub);
:...
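
Review bot: at the removed `cvtstat(&ub, &oub);` call, whatever replaces it should clear the whole structure that the conversion fills, over its full size and before the fields are assigned, rather than setting the spare fields by name, so that the alignment padding mentioned in the message is covered as well as the spares. The added lines are cut off here ("..."), so this cannot be confirmed from the hunk as shown. A one-line comment at the clear, saying it is there to keep stale stack bytes out of the structure returned to the caller, would record why it exists.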







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911171727.JAA64140>
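
The leak described in the quoted message, reproduced in userland as an added example (not code from this thread or from FreeBSD). `struct reply`, `fill`, `leaked_bytes` and the `STALE` marker are hypothetical names, and the "kernel stack" is a byte buffer pre-filled with a constructed pattern so the result is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker for leftover kernel stack bytes */

/* Hypothetical reply layout, not FreeBSD's struct stat: the compiler pads
 * after 'mode' to align 'size', and nothing ever assigns 'spare'. */
struct reply {
    uint8_t  mode;
    uint64_t size;
    uint32_t spare[2];
};

/* Field-by-field conversion: only the named fields are written. */
static void fill(unsigned char *obj)
{
    uint8_t mode = 7;
    uint64_t size = 4096;

    memcpy(obj + offsetof(struct reply, mode), &mode, sizeof mode);
    memcpy(obj + offsetof(struct reply, size), &size, sizeof size);
}

/* Build the reply in storage still holding STALE bytes, copy it out whole,
 * and count the stale bytes the caller would receive. */
static size_t leaked_bytes(int zero_first)
{
    unsigned char obj[sizeof(struct reply)];  /* stands in for the stack slot */
    unsigned char user_buf[sizeof(struct reply)];
    size_t i, n = 0;

    memset(obj, STALE, sizeof obj);          /* leftovers from earlier calls */
    if (zero_first)
        memset(obj, 0, sizeof obj);          /* the fix: clear before filling */
    fill(obj);
    memcpy(user_buf, obj, sizeof obj);       /* stands in for copyout() */
    for (i = 0; i < sizeof user_buf; i++)
        n += (user_buf[i] == STALE);
    return n;
}

int main(void)
{
    printf("field-by-field: %zu stale bytes reach the caller\n", leaked_bytes(0));
    printf("zeroed first:   %zu stale bytes reach the caller\n", leaked_bytes(1));
    return 0;
}
```

Without the clear, every byte of padding and of `spare` arrives in the caller's buffer unchanged; zeroing the whole object first covers both at once.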