From owner-freebsd-hackers@FreeBSD.ORG Fri Sep 17 00:55:11 2004
Date: Fri, 17 Sep 2004 00:55:11 +0000
From: Kris Kennaway
To: gerarra@tin.it
Cc: freebsd-hackers@freebsd.org
Subject: Re: FreeBSD Kernel buffer overflow
Message-ID: <20040917005511.GC73372@hub.freebsd.org>
In-Reply-To: <4146316C00007823@ims3a.cp.tin.it>
References: <20040917002301.GB73372@hub.freebsd.org> <4146316C00007823@ims3a.cp.tin.it>
List-Id: Technical Discussions relating to FreeBSD

On Fri, Sep 17, 2004 at 02:50:35AM +0200, gerarra@tin.it wrote:
> >A couple of points:
> >
> >1) No-one from the FreeBSD core team has participated in this
> >discussion so far.
> >
> >2) Because you initially claimed that this was a security problem, you
> >prejudiced people against you because it's quite obviously not
> >security-related, as has been discussed. If you'd initially just
> >asked for the sanity check for developers who might accidentally shoot
> >their feet off (this is what Julian suggested in response to you),
> >there would have been little controversy.
> >
> >Kris
>
> Hi Kris,
> you're quite right but: former what I mean to say is that the problem *exists*.
> Nobody can write a syscall with more than 8 arguments and this is conceptually
> wrong. In my opinion this is a mistake, no assumptions might be done on
> number of arguments (I've not seen a documentation about that somewhere
> too...). Latter, it could be a security problem. I've seen a lot of bugs
> declared *not exploitable* exploited by other coders after some time.
> Nothing is impossible. I wanted to point out that. I think this is different
> with respect to VFS pointers, don't you agree?

No, it's just another example of what can go wrong if you already have
root privileges or make a coding mistake.

By the way, thanks for copying my private mail to the mailing list :P

Kris