Date:      Fri, 17 Sep 2004 23:25:40 -0700 (PDT)
From:      Don Lewis <truckman@FreeBSD.org>
To:        matt@gsicomp.on.ca
Cc:        freebsd-hackers@FreeBSD.org
Subject:   Re: FreeBSD Kernel buffer overflow
Message-ID:  <200409180625.i8I6Pejb000735@gw.catspoiler.org>
In-Reply-To: <006201c49d42$0c751aa0$1200a8c0@gsicomp.on.ca>

On 18 Sep, Matt Emmerton wrote:
> 
> ----- Original Message ----- 
> From: "Mike Meyer" <mwm@mired.org>
> To: "Matt Emmerton" <matt@gsicomp.on.ca>
> Cc: <viro@parcelfarce.linux.theplanet.co.uk>; "Avleen Vig"
> <lists-freebsd@silverwraith.com>; <freebsd-hackers@freebsd.org>;
> <gerarra@tin.it>
> Sent: Saturday, September 18, 2004 1:22 AM
> Subject: Re: FreeBSD Kernel buffer overflow
> 
> 
>> In <001801c49d38$1c8cb790$1200a8c0@gsicomp.on.ca>, Matt Emmerton <matt@gsicomp.on.ca> typed:
>> > I disagree.  It really comes down to how secure you want FreeBSD to be, and
>> > the attitude of "we don't need to protect against this case because anyone
>> > who does this is asking for trouble anyway" is one of the main reasons why
>> > security holes exist in products today.  (Someone else had brought this up
>> > much earlier on in the thread.)
>>
>> You haven't been paying close enough attention to the discussion. To
>> exploit this "security problem" you have to be root. If it's an
>> external attacker, you're already owned.
> 
> I'm well aware of that fact.  That's still not a reason to protect against
> the problem.
> 
> If your leaky bucket has 10 holes in it, would you at least try and plug
> some of them?

If an attacker is allowed to install arbitrary syscalls, he might as
well install one that is easier to exploit.

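struct write2kernel_args {
        void    *ubuf;
        void    *kbuf;
        size_t  nbyte;
};
/*
 * Deliberately unchecked: copies nbyte bytes from user space to whatever
 * kernel address the caller supplies.
 */
int
write2kernel(td, uap)
        struct thread *td;
        struct write2kernel_args *uap;
{

        return (copyin(uap->ubuf, uap->kbuf, uap->nbyte));
}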
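
For contrast with the sketch above, an added example (not part of this message or of FreeBSD source) of the checks a handler that accepts user data makes: the destination is chosen by the kernel, the length is bounded, and the copy's error is propagated. It is a userland model; `copyin_model`, `setname`, `setname_args` and both buffers are hypothetical names, and the "user address space" is a constructed array.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userland stand-in for copyin(9): the "user address space" is one
 * constructed array; a source range outside it fails with EFAULT. */
static char user_space[64] = "constructed user data";

static int
copyin_model(const void *uaddr, void *kaddr, size_t len)
{
	uintptr_t a = (uintptr_t)uaddr, base = (uintptr_t)user_space;

	if (len > sizeof(user_space) || a < base ||
	    a - base > sizeof(user_space) - len)
		return (EFAULT);
	memcpy(kaddr, uaddr, len);
	return (0);
}

struct setname_args {		/* hypothetical: no destination pointer */
	const void *ubuf;
	size_t nbyte;
};

static char kname[16];		/* destination owned by the "kernel" */

static int
setname(struct setname_args *uap)
{
	char tmp[sizeof(kname)];
	int error;

	/* Bound the length before copying; leave room for the terminator. */
	if (uap->nbyte == 0 || uap->nbyte >= sizeof(tmp))
		return (EINVAL);
	error = copyin_model(uap->ubuf, tmp, uap->nbyte);
	if (error != 0)
		return (error);	/* kname is untouched on failure */
	tmp[uap->nbyte] = '\0';
	memcpy(kname, tmp, uap->nbyte + 1);
	return (0);
}
```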


