Date: Fri, 17 Sep 2004 00:55:11 +0000 From: Kris Kennaway <kris@FreeBSD.org> To: gerarra@tin.it Cc: freebsd-hackers@freebsd.org Subject: Re: FreeBSD Kernel buffer overflow Message-ID: <20040917005511.GC73372@hub.freebsd.org> In-Reply-To: <4146316C00007823@ims3a.cp.tin.it> References: <20040917002301.GB73372@hub.freebsd.org> <4146316C00007823@ims3a.cp.tin.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 17, 2004 at 02:50:35AM +0200, gerarra@tin.it wrote: > >A couple of points: > > > >1) No-one from the FreeBSD core team has participated in this > >discussion so far. > > > >2) Because you initially claimed that this was a security problem, you > >prejudiced people against you because it's quite obviously not > >security-related, as has been discussed. If you'd initially just > >asked for the sanity check for developers who might accidentally shoot > >their feet off (this is what Julian suggested in response to you), > >there would have been little controversy. > > > >Kris > > Hi Kris, > you're quite right but: former what I mean to say is that the problem *exists*. > Nobody can write a syscall with more than 8 arguments and this is conceptually > wrong. In my opinion this is a mistake, no assumptions might be done on > number of arguments (I've not seen a documentation about that somewhere > too...). Latter, it could be a security problem. I've seen a lot of bug > declared *not exploitable* exploitted by other coders after some times. > Nothing is impossible. I wanted to point out that. I think this is different > respect VFS pointers, don't you agree? No, it's just another example of what can go wrong if you already have root privileges or make a coding mistake. By the way, thanks for copying my private mail to the mailing list :P Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040917005511.GC73372>