Date: Tue, 17 Sep 2002 06:59:34 -0700
From: David Schultz <dschultz@uclink.Berkeley.EDU>
To: security@FreeBSD.ORG
Subject: race in i386_set_ldt(2)
Message-ID: <20020917135934.GA2215@HAL9000.homeunix.com>
There seems to be a nasty exploitable race in i386_set_ldt(2), as David Xu pointed out some months ago in i386/38021. As this is a vulnerability when the kernel is compiled with the USER_LDT option, I thought I'd do my part to try to convince someone to commit a fix. Although David's patch has a few nits in it, his basic approach of copying the descriptors into a temporary kernel buffer is necessary if i386_set_ldt() is to be both safe and transactional.
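The approach the message endorses (copy the descriptors into a private buffer once, validate that copy, then commit all or nothing), as an added user-space example that is neither David Xu's patch nor FreeBSD kernel code. The names `struct desc`, `set_ldt_snapshot`, `fetch_fn` and `mutating_fetch`, the 8-slot table and the "DPL must be 3" validation rule are assumptions made for illustration; `fetch` stands in for `copyin()`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a segment descriptor (assumed layout, not the real one). */
struct desc { unsigned dpl; unsigned base; };
#define USER_DPL  3u   /* assumed rule: only user-privilege descriptors are accepted */
#define LDT_SLOTS 8u   /* assumed table size */

/* Stand-in for copyin(): reads caller-controlled memory that can change at any time. */
typedef int (*fetch_fn)(void *dst, const void *src, size_t len);

/* Hypothetical helper: install num descriptors at slot start, all or nothing. */
int set_ldt_snapshot(struct desc *ldt, size_t start, const struct desc *uaddr,
                     size_t num, fetch_fn fetch)
{
    struct desc *tmp;
    size_t i;
    int error = -1;
    if (num == 0 || num > LDT_SLOTS || start > LDT_SLOTS - num)
        return -1;                       /* range check that cannot overflow */
    if ((tmp = malloc(num * sizeof(*tmp))) == NULL)
        return -1;
    /* Single fetch: from here on only the private copy is read. */
    if (fetch(tmp, uaddr, num * sizeof(*tmp)) != 0)
        goto out;
    for (i = 0; i < num; i++)
        if (tmp[i].dpl != USER_DPL)      /* validate the copy, not the source */
            goto out;                    /* table has not been touched yet */
    memcpy(&ldt[start], tmp, num * sizeof(*tmp));  /* commit what was validated */
    error = 0;
out:
    free(tmp);
    return error;
}

/* Constructed source: rewritten after every fetch to model memory changing underneath. */
struct desc user_buf[2] = { { 3, 0x1000 }, { 3, 0x2000 } };
int fetch_count;
int mutating_fetch(void *dst, const void *src, size_t len)
{
    memcpy(dst, src, len);
    fetch_count++;
    user_buf[0].dpl = 0;                 /* a second read would see a different entry */
    return 0;
}
int main(void)
{
    struct desc ldt[LDT_SLOTS] = { { 0, 0 } };
    int rc = set_ldt_snapshot(ldt, 2, user_buf, 2, mutating_fetch);
    printf("rc=%d installed dpl=%u source dpl=%u\n", rc, ldt[2].dpl, user_buf[0].dpl);
    return 0;
}
```

Because validation and commit both read the same private copy, the installed entries are exactly the ones that were checked, and a batch containing one rejected entry leaves the table as it was.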