Date:      Fri, 21 Mar 1997 15:14:06 -0700
From:      Steve Passe <smp@csn.net>
To:        Amancio Hasty <hasty@rah.star-gate.com>
Cc:        "Louis A. Mamakos" <louie@TransSys.COM>, Michael Petry <petry@netwolf.NetMasters.com>, multimedia@freebsd.org
Subject:   Re: Continquous Memory vs Virtual Memory 
Message-ID:  <199703212214.PAA25609@Ilsa.StevesCafe.com>
In-Reply-To: Your message of "Fri, 21 Mar 1997 13:48:51 PST." <199703212148.NAA02123@rah.star-gate.com> 

Hi,

> Nope, because the risc program is built in an allocated area in 
> the kernel which the user can't override. If someone wanted
                                            ^^^^^^^^^^^^^^^^^
> to over-write a particular region of memory with the output
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> of the bt848 , they can .
  ^^^^^^^^^^^^^^^^^^^^^^^^^

this is the possibility that I was referring to.  thus they could do the
same thing that people do with strcpy(), write a short segment of
code that creates a "worm hole" into the kernel, then install it
with the above technique.  this says to me that allowing a user
to create and load a RISC program is a BAD idea.  But having the
kernel level RISC compiler is a good idea.  It could enforce that the
destination address MUST be within the range of the video card's
linear buffer.  Now we still need to worry about source addresses,
a clever programmer could write a "snoop" program that
could look into kernel core for other hacking info...

--
Steve Passe	| powered by
smp@csn.net	|            Symmetric MultiProcessor FreeBSD
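
The destination-range enforcement proposed in the message above, as an added example (not part of the original e-mail and not the FreeBSD driver's code). The `dma_write` and `dma_window` structures, the function names and the addresses are hypothetical and constructed; they are not the real Bt848 RISC instruction encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical simplified DMA write op; NOT the real Bt848 RISC encoding. */
struct dma_write { uint32_t dst; uint32_t len; };

/* Permitted window, e.g. the video card's linear buffer.
 * Assumption: base + size does not itself wrap past 2^32. */
struct dma_window { uint32_t base; uint32_t size; };

/* Return 1 if [dst, dst+len) lies wholly inside the window, else 0.
 * dst + len is never computed, because that sum can wrap around and
 * make an out-of-range write look as if it ends inside the window. */
int dma_write_ok(const struct dma_window *w, const struct dma_write *op)
{
    if (op->len == 0 || op->len > w->size)
        return 0;                        /* empty, or larger than the window */
    if (op->dst < w->base)
        return 0;                        /* starts below the window */
    uint32_t off = op->dst - w->base;    /* cannot underflow: dst >= base */
    return off <= w->size - op->len;     /* cannot underflow: len <= size */
}

/* Check every op before the program is handed to the device.
 * Returns the index of the first rejected op, or -1 if all are accepted. */
long dma_program_check(const struct dma_window *w,
                       const struct dma_write *prog, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!dma_write_ok(w, &prog[i]))
            return (long)i;
    return -1;
}

int main(void)
{
    /* Constructed sample: a 1 MiB window and a three-op program whose
     * last op would wrap the 32-bit address space. */
    struct dma_window fb = { 0xE0000000u, 0x00100000u };
    struct dma_write prog[] = {
        { 0xE0000000u, 0x1000u },   /* first bytes of the window */
        { 0xE00FF000u, 0x1000u },   /* last bytes of the window */
        { 0xFFFFFFF0u, 0x0020u },   /* dst + len wraps to 0x10 */
    };
    printf("first rejected op: %ld\n", dma_program_check(&fb, prog, 3));
    return 0;
}
```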



