Date: Sat, 24 Jun 2006 13:16:52 +0100 (BST)
From: "Dominic Marks"
To: "Alexander Leidinger"
Cc: cvs-src@freebsd.org, src-committers@freebsd.org, secteam@freebsd.org, cvs-all@freebsd.org
Subject: Re: cvs commit: src/sys/compat/linux linux_misc.c

Alexander Leidinger wrote:
> Quoting Alexander Leidinger (Fri, 23 Jun 2006 18:49:38 +0000 (UTC)):
>
>> netchild    2006-06-23 18:49:38 UTC
>>
>>   FreeBSD src repository
>>
>>   Modified files:
>>     sys/compat/linux     linux_misc.c
>>   Log:
>>   The linux times syscall can be called with a NULL pointer, so keep cool
>>   and don't panic.
>>
>>   This fix is different from the patch submitted as it not only prevents
>>   a NULL-pointer dereference, but also skips some work in this case.
>
> I realized this may be a little bit misleading...
>
> The NULL pointer is used as the destination in a copyout. And it writes
> some kind of time values (current time). So this will overwrite parts
> at the userland address 0. This will not lead to a kernel panic, but it
> will do malicious things to the program which uses the linux times
> syscall. So this is not a DoS in any case. The problematic case is when
> a linux program uses a NULL pointer in the times syscall conditionally.
> This may render the service which uses such a linux program useless
> sometimes. For programs which use NULL there every time, this is not a
> DoS, it's just a normal bug (e.g. you can't use Oracle 10g Express)
> which prevents the use of this program.
>
> So this is not a huge security flaw, it's more a not so small
> inconvenience. Since the RELENG_x_y branches are under control of the
> secteam, I used the "Security:" mark up to encode the possible need to
> merge this (I'm assuming Oracle 10g is important enough that we want
> our users to be able to run it).
>
> For the curious people: there are two more patches needed to run Oracle
> 10g. They involve linprocfs and pseudofs. I will take care of them
> later (and if this commit is subject to a merge to RELENG_x_y, the other
> two patches should be too, but this will the powers with hats
> decide...).

We use lots of Oracle at work but currently on Windows and Solaris.
I'd be interested in testing and helping document '10g on FreeBSD'
once these patches are available / in the tree.

Thanks!
Dominic

> Bye,
> Alexander.
>
> --
> ...and that is how we know the Earth to be banana-shaped.
> http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
> http://www.FreeBSD.org    netchild @ FreeBSD.org  : PGP ID = 72077137
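
A small regression probe for the case described in the quoted commit message, as an added example (not code from the commit or the FreeBSD tree): it calls times() with a NULL buffer, which Linux accepts, and compares the result with a normal call. The function names are made up for this example, and it assumes the program is built as a Linux binary so that on FreeBSD it exercises the Linux ABI layer.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/times.h>

/* times() may legitimately return (clock_t)-1 as a tick count, so the
 * call is only treated as failed when it also set errno. */
static int times_failed(clock_t ret)
{
    return ret == (clock_t)-1 && errno != 0;
}

/* Hypothetical helper for this example.
 * Returns 0 if times(NULL) is accepted and is consistent with times(&buf),
 *         1 if the NULL call fails,
 *         2 if the non-NULL call fails,
 *         3 if the tick count went backwards between the two calls
 *           (tick counter wraparound is ignored here). */
int probe_times_null(void)
{
    struct tms buf;
    clock_t with_null, with_buf;

    errno = 0;
    with_null = times(NULL);   /* Linux: allowed, only the return value is used */
    if (times_failed(with_null))
        return 1;

    errno = 0;
    with_buf = times(&buf);    /* ordinary call, the kernel fills in buf */
    if (times_failed(with_buf))
        return 2;

    /* Both calls report elapsed clock ticks from the same counter. */
    if (with_buf < with_null)
        return 3;
    return 0;
}

int main(void)
{
    int rc = probe_times_null();

    printf("times(NULL) probe: %s (code %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

A non-zero exit code from this probe under the Linux ABI layer means the NULL case is still mishandled there.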