Date:      Tue, 19 Jun 2012 19:44:22 +0100
From:      "Simon L. B. Nielsen" <simon@FreeBSD.org>
To:        Steven Chamberlain <steven@pyro.eu.org>
Cc:        freebsd-security@freebsd.org, bz@freebsd.org
Subject:   Re: Update for FreeBSD Security Advisory FreeBSD-SA-12:04.sysret for 8.1
Message-ID:  <AD75B6E8-735E-4D40-ABB5-6C43DEFAFAA3@FreeBSD.org>
In-Reply-To: <4FE0C1DA.2080809@pyro.eu.org>
References:  <497105EC-3223-4E59-A6E6-F810A15BCA5C@FreeBSD.org> <4FE0C1DA.2080809@pyro.eu.org>


On 19 Jun 2012, at 19:15, Steven Chamberlain wrote:

> On 18/06/12 22:37, Simon L. B. Nielsen wrote:
>> Note that this is ONLY for FreeBSD 8.1. Other branches are OK.
>
> Having seen the correct fix now, I'm starting to wonder if the commit to
> RELENG_7_4 was really okay too?
>
> http://svnweb.freebsd.org/base/releng/7.4/sys/amd64/amd64/trap.c?annotate=236953#l975
>
> The inserted code does not appear at the end of the function, like it
> does now in all other versions including 8.1 which is the most similar.
>
> I expect this would at least trap if the exploit was attempted, but then
> it would omit the rest of the function, including userret(); would that
> have consequences?

From what our "kernel experts" (jhb/kib - sorry can't recall who checked this), it should still work fine in the location it is in for 7.4.

-- 
Simon L. B. Nielsen



