From: gerarra@tin.it
To: freebsd-hackers@freebsd.org
Date: Fri, 17 Sep 2004 02:50:35 +0200
Subject: Re: FreeBSD Kernel buffer overflow
Message-ID: <4146316C00007823@ims3a.cp.tin.it>
In-Reply-To: <20040917002301.GB73372@hub.freebsd.org>

>A couple of points:
>
>1) No-one from the FreeBSD core team has participated in this
>discussion so far.
>
>2) Because you initially claimed that this was a security problem, you
>prejudiced people against you because it's quite obviously not
>security-related, as has been discussed. If you'd initially just
>asked for the sanity check for developers who might accidentally shoot
>their feet off (this is what Julian suggested in response to you),
>there would have been little controversy.
>
>Kris

Hi Kris,
you're quite right, but: first, what I mean to say is that the problem
*exists*. Nobody can write a syscall with more than 8 arguments and this
is conceptually wrong. In my opinion this is a mistake; no assumptions
may be made about the number of arguments (I've not seen any
documentation about that anywhere either...).

Second, it could be a security problem. I've seen a lot of bugs declared
*not exploitable* exploited by other coders after some time. Nothing is
impossible. I wanted to point that out. I think this is different with
respect to VFS pointers, don't you agree?

rookie