Date: Sat, 18 Sep 2004 12:24:04 +0200
Message-ID: <4146316C0000A1ED@ims3a.cp.tin.it>
In-Reply-To: <200409180918.i8I9ItWl001012@gw.catspoiler.org>
From: gerarra@tin.it
To: freebsd-hackers@freebsd.org
Subject: Re: FreeBSD Kernel buffer overflow

>What keeps the attacker from installing two syscalls, the first of which
>pokes NOPs over the KASSERT code, and the second of which accepts too
>many arguments?
>
>If you think we really need this bit of extra security, why not just
>prevent the syscall with too many arguments from being registered by
>syscall_register()? At least that keeps the check out of the most
>frequently executed path.

This is not intended as a security check, just as a prevention against
accidental buffer overflow (like my proof of concept). This is quite a
simple concept, take care.

rookie