From: Pawel Jakub Dawidek
To: Don Lewis
Cc: freebsd-hackers@FreeBSD.org, gerarra@tin.it, keramida@FreeBSD.org
Date: Sat, 18 Sep 2004 11:31:12 +0200
Subject: Re: FreeBSD Kernel buffer overflow
Message-ID: <20040918093112.GY30151@darkness.comp.waw.pl>
In-Reply-To: <200409180918.i8I9ItWl001012@gw.catspoiler.org>
List-Id: Technical Discussions relating to FreeBSD

On Sat, Sep 18, 2004 at 02:18:55AM -0700, Don Lewis wrote:
> On 18 Sep, Pawel Jakub Dawidek wrote:
> > On Fri, Sep 17, 2004 at 12:37:12PM +0300, Giorgos Keramidas wrote:
> > > % +#ifdef INVARIANTS
> > > % + KASSERT(0 <= narg && narg <= 8, ("invalid number of syscall args"));
> > > % +#endif
> >
> > Maybe:
> > 	KASSERT(0 <= narg && narg <= sizeof(args) / sizeof(args[0]),
> > 	    ("invalid number of syscall args"));
> >
> > So if we decide to increase/decrease it someday, we don't have to remember
> > about this KASSERT().
>
> What keeps the attacker from installing two syscalls, the first of which
> pokes NOPs over the KASSERT code, and the second of which accepts too
> many arguments?

First of all, this is not protection from an attacker, but help for bad
programmers.

> If you think we really need this bit of extra security, why not just
> prevent the syscall with too many arguments from being registered by
> syscall_register()? At least that keeps the check out of the most
> frequently executed path.

Good point, this is a much better place for it.

--
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!

[PGP signature omitted]
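Review bot: in the quoted KASSERT hunk, the hard-coded upper bound 8 has to be kept in step by hand with the size of the args array it protects; deriving it as `sizeof(args) / sizeof(args[0])` removes that coupling. The surrounding `#ifdef INVARIANTS` / `#endif` is also redundant, since KASSERT() already expands to nothing when the kernel is built without INVARIANTS.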
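The registration-time check Don Lewis proposes, as an added example written for this thread rather than code from FreeBSD: the bound is derived from the argument array itself, so a later resize cannot leave the check stale, and the dispatch path carries no check at all. The names sysent, syscall_register, syscall_dispatch and syscall_args are simplified stand-ins, not the kernel's real structures.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef intptr_t register_t;

/* Argument block handed to a handler (hypothetical, simplified layout). */
struct syscall_args {
    int        code;
    register_t args[8];
};
/* Bound derived from the array, as suggested in the thread, so it cannot drift. */
#define SYSCALL_MAXARGS \
    (sizeof(((struct syscall_args *)0)->args) / sizeof(((struct syscall_args *)0)->args[0]))

typedef int (*sy_call_t)(struct syscall_args *);

struct sysent {
    int       sy_narg;
    sy_call_t sy_call;          /* NULL means the slot is free */
};

#define NSYSCALLS 16
static struct sysent sysent[NSYSCALLS];

/* Registration is the one place the argument count is validated. */
int syscall_register(int code, int narg, sy_call_t handler)
{
    if (code < 0 || code >= NSYSCALLS || handler == NULL)
        return EINVAL;
    if (narg < 0 || (size_t)narg > SYSCALL_MAXARGS)
        return EINVAL;          /* would overrun args[] at dispatch time */
    if (sysent[code].sy_call != NULL)
        return EEXIST;
    sysent[code].sy_narg = narg;
    sysent[code].sy_call = handler;
    return 0;
}

/* Hot path: copies sy_narg words without a bounds check; registration bounded it. */
int syscall_dispatch(int code, const register_t *uargs)
{
    struct syscall_args sa;
    if (code < 0 || code >= NSYSCALLS || sysent[code].sy_call == NULL)
        return ENOSYS;
    sa.code = code;
    memcpy(sa.args, uargs, (size_t)sysent[code].sy_narg * sizeof(register_t));
    return sysent[code].sy_call(&sa);
}

/* Constructed two-argument handler used to exercise the table. */
static int sum_handler(struct syscall_args *sa) { return (int)(sa->args[0] + sa->args[1]); }
int demo_call(int code, register_t a0, register_t a1)
{
    register_t u[2] = { a0, a1 };
    return syscall_dispatch(code, u);
}
```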