From owner-freebsd-hackers@FreeBSD.ORG Fri Sep 17 00:40:34 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A800216A4CE for ; Fri, 17 Sep 2004 00:40:34 +0000 (GMT) Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7FE6A43D3F for ; Fri, 17 Sep 2004 00:40:33 +0000 (GMT) (envelope-from julian@elischer.org) Received: from elischer.org (julian.vicor-nb.com [208.206.78.97]) by mail.vicor-nb.com (Postfix) with ESMTP id BEFE47A3D2; Thu, 16 Sep 2004 17:40:31 -0700 (PDT) Message-ID: <414A327F.2070207@elischer.org> Date: Thu, 16 Sep 2004 17:40:31 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030516 X-Accept-Language: en, hu MIME-Version: 1.0 To: gerarra@tin.it References: <4146316C00007819@ims3a.cp.tin.it> In-Reply-To: <4146316C00007819@ims3a.cp.tin.it> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-hackers@freebsd.org Subject: Re: FreeBSD Kernel buffer overflow X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Sep 2004 00:40:34 -0000 gerarra@tin.it wrote: >>This is standard proceedure. >> >>"there is no security problem." >>There is not even a practical problem.. >> >>No-one is going to be able to break into your machine because of this >>unless they >>have already broken into your machine by some other method. >> >> >> > >We all agree with it, i worte 3 e-mails ago. > > > >>There is an implicit understanding in the kernel that it trusts itrself >> >> > > > >>to be done right.. >>If you wan to check this I can show you many more things we trust >>ourselves on in the kernel >> >>for example do you check the function pointers in vfs method arrays >>before calling them? >> >> > >This is not the same situation... why an user might change vfs method pointers? >Instead if I want to code a syscall accepting 9 arguments I can't do it... >and it could be happen! >I repeat, a check might be there... > > > >>If we checked everything we would never get anything done.. In the end >> >> > > > >>we draw the line at >>"we check values that come from userspace." We trust values that come >> >> >>from root indirectly > > >>e.g. when root mounts a filesystem or a kld module. >> >> > >Ok, but a syscall of 9 arguments it's not so strange and nobody knows is >impossible to realize. > If we put your patch in but as a KASSERT then anyone ruinning with debugging turned on (and no-one in their right mind would write a kernel module without turning on debugging, right?) will immediatly find the problem. > > > >>As you have raise dth issue we might add a KASSERT checking that it is >> >> > > > >>within bounds but >>the check would not be turned on for normal kernels just debug kernels. >> >> >> >I'm very sorry for this decision. However i will write my patch (would be >enough simple) and put it in the web to let other download, but, sincerely, >I hoped to cooperate with FreeBSD core team. > >greetings, > >rookie > > >_______________________________________________ >freebsd-hackers@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-hackers >To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > >