From: Don Lewis
Date: Fri, 17 Sep 2004 23:25:40 -0700 (PDT)
To: matt@gsicomp.on.ca
Cc: viro@parcelfarce.linux.theplanet.co.uk, mwm@mired.org, gerarra@tin.it, freebsd-hackers@FreeBSD.org
Subject: Re: FreeBSD Kernel buffer overflow

On 18 Sep, Matt Emmerton wrote:
>
> ----- Original Message -----
> From: "Mike Meyer"
> To: "Matt Emmerton"
> Cc: "Avleen Vig"
> Sent: Saturday, September 18, 2004 1:22 AM
> Subject: Re: FreeBSD Kernel buffer overflow
>
>
>> In <001801c49d38$1c8cb790$1200a8c0@gsicomp.on.ca>, Matt Emmerton typed:
>> > I disagree. It really comes down to how secure you want FreeBSD to be, and
>> > the attitude of "we don't need to protect against this case because anyone
>> > who does this is asking for trouble anyway" is one of the main reasons why
>> > security holes exist in products today. (Someone else had brought this up
>> > much earlier on in the thread.)
>>
>> You haven't been paying close enough attention to the discussion. To
>> exploit this "security problem" you have to be root. If it's an
>> external attacker, you're already owned.
>
> I'm well aware of that fact. That's still not a reason to protect against
> the problem.
>
> If your leaky bucket has 10 holes in it, would you at least try and plug
> some of them?

If an attacker is allowed to install arbitrary syscalls, he might as
well install one that is easier to exploit.

	struct write2kernel_args {
		void *ubuf;
		void *kbuf;
		size_t nbyte;
	};

	void
	write2kernel(td, uap)
		struct thread *td;
		struct write2kernel_args *uap;
	{
		/*
		 * No validation at all: copies nbyte bytes from the user
		 * buffer to whatever kernel address the caller supplies.
		 */
		copyin(uap->ubuf, uap->kbuf, uap->nbyte);
	}