Date: Fri, 21 Mar 1997 15:14:06 -0700
From: Steve Passe <smp@csn.net>
To: Amancio Hasty <hasty@rah.star-gate.com>
Cc: "Louis A. Mamakos" <louie@TransSys.COM>, Michael Petry <petry@netwolf.NetMasters.com>, multimedia@freebsd.org
Subject: Re: Continquous Memory vs Virtual Memory
Message-ID: <199703212214.PAA25609@Ilsa.StevesCafe.com>
In-Reply-To: Your message of "Fri, 21 Mar 1997 13:48:51 PST." <199703212148.NAA02123@rah.star-gate.com>

Hi,

> Nope, because the risc program is built in an allocated area in
> the kernel which the user can't override. If someone wanted
                                            ^^^^^^^^^^^^^^^^^
> to over-write a particular region of memory with the output
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> of the bt848 , they can .
  ^^^^^^^^^^^^^^^^^^^^^^^^^

this is the possibility that I was referring to. thus they could do the same
thing that people do with strcpy(), write a short segment of code that creates
a "worm hole" into the kernel, then install it with the above technique.

this says to me that allowing a user to create and load a RISC program is a
BAD idea. But having the kernel level RISC compiler is a good idea. It could
enforce that the destination address MUST be within the range of the video
card's linear buffer.

Now we still need to worry about source addresses, a clever programmer could
write a "snoop" program that could look into kernel core for other hacking
info...

--
Steve Passe  | powered by
smp@csn.net  |            Symmetric MultiProcessor FreeBSD
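
The destination-range check proposed in the message above, as an added example that is not part of the original e-mail and is not FreeBSD driver code. The dma_write and dma_window structures are hypothetical simplifications (not the real bt848 RISC instruction encoding), the addresses are constructed sample values, and only destination addresses are checked, not the source addresses the message also raises.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified DMA write request; NOT the bt848 RISC encoding. */
struct dma_write  { uint32_t dst; uint32_t len; };
/* Region the device is allowed to write: the video card's linear buffer. */
struct dma_window { uint32_t base; uint32_t size; };

/* True only if [dst, dst+len) lies wholly inside the window. The test is
 * done on offsets so that dst+len can never wrap around 32 bits and slip
 * past a naive "dst + len <= base + size" comparison. */
static bool write_in_window(const struct dma_write *w,
                            const struct dma_window *win)
{
    if (w->len == 0 || w->dst < win->base)
        return false;
    uint32_t off = w->dst - win->base;
    return off < win->size && w->len <= win->size - off;
}

/* Kernel-side gate: returns -1 if every write is acceptable, otherwise the
 * index of the first write that must be refused before the program is built. */
static int validate_program(const struct dma_write *ops, size_t n,
                            const struct dma_window *win)
{
    for (size_t i = 0; i < n; i++)
        if (!write_in_window(&ops[i], win))
            return (int)i;
    return -1;
}

/* Constructed sample data: a 4 MB linear buffer at 0xE0000000. */
static const struct dma_window sample_win = { 0xE0000000u, 0x00400000u };
static const struct dma_write sample_ok[] = {
    { 0xE0000000u, 2048 },   /* first scan line */
    { 0xE03FF800u, 2048 },   /* ends exactly at the end of the buffer */
};
static const struct dma_write sample_bad[] = {
    { 0xE0000000u, 2048 },   /* fine */
    { 0xE03FFC00u, 2048 },   /* starts inside, runs 1 KB past the end */
    { 0xFFFFFF00u, 0x200 },  /* dst+len wraps past 2^32 */
    { 0x00100000u, 64 },     /* below the window: ordinary system memory */
};

int main(void)
{
    return validate_program(sample_ok, 2, &sample_win) == -1 &&
           validate_program(sample_bad, 4, &sample_win) == 1 ? 0 : 1;
}
```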