From: John Baldwin <jhb@FreeBSD.org>
To: freebsd-hackers@FreeBSD.org
Cc: gerarra@tin.it
Date: Thu, 16 Sep 2004 21:44:16 -0400
Subject: Re: FreeBSD Kernel buffer overflow
Message-Id: <200409162144.16853.jhb@FreeBSD.org>
In-Reply-To: <4146316C00007823@ims3a.cp.tin.it>

On Thursday 16 September 2004 08:50 pm, gerarra@tin.it wrote:
>> A couple of points:
>>
>> 1) No-one from the FreeBSD core team has participated in this
>> discussion so far.
>>
>> 2) Because you initially claimed that this was a security problem, you
>> prejudiced people against you because it's quite obviously not
>> security-related, as has been discussed. If you'd initially just
>> asked for the sanity check for developers who might accidentally shoot
>> their feet off (this is what Julian suggested in response to you),
>> there would have been little controversy.
>>
>> Kris
>
> Hi Kris,
> you're quite right, but: first, what I mean to say is that the problem
> *exists*. Nobody can write a syscall with more than 8 arguments, and this is
> conceptually wrong. In my opinion this is a mistake; no assumptions may
> be made about the number of arguments (I have not seen any documentation
> about that anywhere either...). Second, it could be a security problem. I've
> seen a lot of bugs declared *not exploitable* exploited by other coders
> after some time. Nothing is impossible. I wanted to point that out. I think
> this is different with respect to VFS pointers, don't you agree?

You can pass as much as you want by wrapping it in a structure and passing a
pointer to the structure as the argument to the system call. See ioctl(2) for
examples. People who write system calls that are supposed to be useful are
expected to not panic the kernel. :) You demonstrated that in that you found
the limit (8 args) and now know to not go over it. :) It's ok to require
kernel programmers to think.

-- 
John Baldwin <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org
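The struct-pointer pattern John describes, as an added example that is not from the thread or the FreeBSD tree: a hypothetical syscall `sys_demo` receives one user pointer, copies the struct into kernel memory before looking at any field, and rejects a size or flag mismatch. It is simulated in userland so it runs stand-alone; `copyin`/`copyout` here are memcpy stand-ins for copyin(9)/copyout(9), and the struct name and fields are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DEMO_NVALS      10
#define DEMO_FLAG_SUM   0x1
#define DEMO_FLAG_MAX   0x2
#define DEMO_FLAGS_VALID (DEMO_FLAG_SUM | DEMO_FLAG_MAX)

/* One pointer argument carries as many fields as the call needs (constructed). */
struct demo_req {
    uint32_t len;                  /* caller sets sizeof(struct demo_req) */
    uint32_t flags;
    uint64_t vals[DEMO_NVALS];     /* more than 8 inputs, still one syscall arg */
    uint64_t result;               /* written back by the "kernel" */
};

/* Stand-ins for copyin(9)/copyout(9): the real ones validate the user address
 * range and are fault-safe; these only copy, so the example runs in userland. */
static int copyin(const void *uaddr, void *kaddr, size_t len) { memcpy(kaddr, uaddr, len); return (0); }
static int copyout(const void *kaddr, void *uaddr, size_t len) { memcpy(uaddr, kaddr, len); return (0); }

/* Hypothetical syscall body: never dereferences the user pointer directly,
 * and validates the kernel copy before acting on it. */
int sys_demo(void *uarg)
{
    struct demo_req req;
    int error;

    error = copyin(uarg, &req, sizeof(req));
    if (error != 0)
        return (error);
    if (req.len != sizeof(req))                 /* layout/ABI mismatch */
        return (EINVAL);
    if ((req.flags & ~DEMO_FLAGS_VALID) != 0)   /* unknown flag bits */
        return (EINVAL);

    req.result = 0;
    for (size_t i = 0; i < DEMO_NVALS; i++) {
        if (req.flags & DEMO_FLAG_SUM)
            req.result += req.vals[i];
        else if (req.vals[i] > req.result)
            req.result = req.vals[i];
    }
    return (copyout(&req, uarg, sizeof(req)));
}

/* Helper a caller would use: fills vals with 1..DEMO_NVALS (constructed input). */
void demo_fill(struct demo_req *r, uint32_t flags)
{
    memset(r, 0, sizeof(*r));
    r->len = sizeof(*r);
    r->flags = flags;
    for (size_t i = 0; i < DEMO_NVALS; i++)
        r->vals[i] = (uint64_t)i + 1;
}
```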