Date: Fri, 17 Sep 2004 02:50:35 +0200
From: gerarra@tin.it
To: freebsd-hackers@freebsd.org
Subject: Re: FreeBSD Kernel buffer overflow
Message-ID: <4146316C00007823@ims3a.cp.tin.it>
In-Reply-To: <20040917002301.GB73372@hub.freebsd.org>
>A couple of points:
>
>1) No-one from the FreeBSD core team has participated in this
>discussion so far.
>
>2) Because you initially claimed that this was a security problem, you
>prejudiced people against you because it's quite obviously not
>security-related, as has been discussed. If you'd initially just
>asked for the sanity check for developers who might accidentally shoot
>their feet off (this is what Julian suggested in response to you),
>there would have been little controversy.
>
>Kris

Hi Kris,
you're quite right, but:

First, what I mean to say is that the problem *exists*. Nobody can write
a syscall with more than 8 arguments and this is conceptually wrong. In my
opinion this is a mistake, no assumptions might be done on the number of
arguments (I've not seen any documentation about that anywhere, either...).

Second, it could be a security problem. I've seen a lot of bugs declared
*not exploitable* exploited by other coders after some time. Nothing is
impossible. I wanted to point that out. I think this is different with
respect to VFS pointers, don't you agree?

rookie