Date: Sat, 18 Sep 2004 11:31:12 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Don Lewis <truckman@FreeBSD.org> Cc: keramida@FreeBSD.org Subject: Re: FreeBSD Kernel buffer overflow Message-ID: <20040918093112.GY30151@darkness.comp.waw.pl> In-Reply-To: <200409180918.i8I9ItWl001012@gw.catspoiler.org> References: <20040918090227.GX30151@darkness.comp.waw.pl> <200409180918.i8I9ItWl001012@gw.catspoiler.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Sat, Sep 18, 2004 at 02:18:55AM -0700, Don Lewis wrote:
+> On 18 Sep, Pawel Jakub Dawidek wrote:
+> > On Fri, Sep 17, 2004 at 12:37:12PM +0300, Giorgos Keramidas wrote:
+> > +> % +#ifdef INVARIANTS
+> > +> % + KASSERT(0 <= narg && narg <= 8, ("invalid number of syscall args"));
+> > +> % +#endif
+> >
+> > Maybe:
+> > KASSERT(0 <= narg && narg <= sizeof(args) / sizeof(args[0]),
+> > ("invalid number of syscall args"));
+> >
+> > So if we decide to increase/decrease it someday, we don't have to remember
+> > about this KASSERT().
+>
+> What keeps the attacker from installing two syscalls, the first of which
+> pokes NOPs over the KASSERT code, and the second of which accepts too
+> many arguments?
First of all, this is not protection from an attacker, but help for bad
programmers.
+> If you think we really need this bit of extra security, why not just
+> prevent the syscall with too many arguments from being registered by
+> syscall_register()? At least that keeps the check out of the most
+> frequently executed path.
Good point, this is much better place for it.
--
Pawel Jakub Dawidek http://www.FreeBSD.org
pjd@FreeBSD.org http://garage.freebsd.pl
FreeBSD committer Am I Evil? Yes, I Am!
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFBTABgForvXbEpPzQRArg0AJ9Yzybv1ii9WvDeqaFvIWP5+/C1gACfQ0g9
jOhOseOQ8oP14LxHpVYxPeA=
=pVnL
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040918093112.GY30151>