Date: Thu, 16 Sep 2004 21:44:16 -0400 From: John Baldwin <jhb@FreeBSD.org> To: freebsd-hackers@FreeBSD.org Cc: gerarra@tin.it Subject: Re: FreeBSD Kernel buffer overflow Message-ID: <200409162144.16853.jhb@FreeBSD.org> In-Reply-To: <4146316C00007823@ims3a.cp.tin.it> References: <4146316C00007823@ims3a.cp.tin.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 16 September 2004 08:50 pm, gerarra@tin.it wrote: > >A couple of points: > > > >1) No-one from the FreeBSD core team has participated in this > >discussion so far. > > > >2) Because you initially claimed that this was a security problem, you > >prejudiced people against you because it's quite obviously not > >security-related, as has been discussed. If you'd initially just > >asked for the sanity check for developers who might accidentally shoot > >their feet off (this is what Julian suggested in response to you), > >there would have been little controversy. > > > >Kris > > Hi Kris, > you're quite right but: former what I mean to say is that the problem > *exists*. Nobody can write a syscall with more than 8 arguments and this is > conceptually wrong. In my opinion this is a mistake, no assumptions might > be done on number of arguments (I've not seen a documentation about that > somewhere too...). Latter, it could be a security problem. I've seen a lot > of bug declared *not exploitable* exploitted by other coders after some > times. Nothing is impossible. I wanted to point out that. I think this is > different respect VFS pointers, don't you agree? You can pass as much as you want by wrapping it in a structure and passing a pointer to the structure as the argument to the system call. See ioctl(2) for examples. People who write system calls that are supposed to be useful are expected to not panic the kernel. :) You demonstrated that in that you found the limit (8 args) and now know to not go over it. :) It's ok to require kernel programmers to think. -- John Baldwin <jhb@FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve" = http://www.FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200409162144.16853.jhb>