Date: Wed, 16 Apr 1997 15:20:03 -0700 (PDT) From: j@uriah.heep.sax.de (J Wunsch) To: freebsd-bugs Subject: Re: i386/3309: /dev/spkr can crash system and may have serious security exploits Message-ID: <199704162220.PAA20379@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR i386/3309; it has been noted by GNATS. From: j@uriah.heep.sax.de (J Wunsch) To: brett@lariat.org Cc: freebsd-gnats-submit@freebsd.org Subject: Re: i386/3309: /dev/spkr can crash system and may have serious security exploits Date: Thu, 17 Apr 1997 00:07:05 +0200 As brett@lariat.org wrote: > The /dev/spkr driver apparently can corrupt kernel memory if noises > are made in rapid succession or if one is started before an earlier > one finishes. The Perl code below triggers the bug on my 2.1.0-R > system quite reliably (the code for the driver doesn't seem to have > changed since then). Not to say that there's no bug anymore, but i've tried hard to reproduce it (including repeatedly playing random data, and testing your Perl script), and haven't been able to find any problem. That's with a pretty -current system though. > Would like to fix this myself, but don't know all the semantics and > meta-semantics of the routines called within FreeBSD device drivers. > (Would love to see a kernel-hacking manual that covers this!) There's an evolving section 9 of the manual available now. What exactly don't you understand? The kernel-hacking manual probably won't ever happen. Kernel hackers are usually too busy to even write smaller man pages, let alone excessive documentation. Documenters usually think they don't have a clue about kernel hacking (but it's actually rather that they didn't ever try, or they would have noticed that it's not much more difficult than usual application hacking :). -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704162220.PAA20379>