Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 19 Jun 2012 14:44:35 -0400
From:      John Baldwin <jhb@freebsd.org>
To:        freebsd-security@freebsd.org
Cc:        bz@freebsd.org, "Simon L. B. Nielsen" <simon@freebsd.org>, Steven Chamberlain <steven@pyro.eu.org>
Subject:   Re: Update for FreeBSD Security Advisory FreeBSD-SA-12:04.sysret for 8.1
Message-ID:  <201206191444.35285.jhb@freebsd.org>
In-Reply-To: <4FE0C1DA.2080809@pyro.eu.org>
References:  <497105EC-3223-4E59-A6E6-F810A15BCA5C@FreeBSD.org> <4FE0C1DA.2080809@pyro.eu.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday, June 19, 2012 2:15:54 pm Steven Chamberlain wrote:
> Hi,
> 
> Thanks a lot of looking into this!
> 
> On 18/06/12 22:37, Simon L. B. Nielsen wrote:
> > Note that this is ONLY for FreeBSD 8.1. Other branches are OK.
> 
> Having seen the correct fix now, I'm starting to wonder if the commit to
> RELENG_7_4 was really okay too?
> 
> 
http://svnweb.freebsd.org/base/releng/7.4/sys/amd64/amd64/trap.c?annotate=236953#l975
> 
> The inserted code does not appear at the end of the function, like it
> does now in all other versions including 8.1 which is the most similar.
> 
> I expect this would at least trap if the exploit was attempted, but then
> it would omit the rest of the function, including userret();  would that
> have consequences?

It would perhaps be best to occur at the end of the function to be consistent.  
However, the fix is functionally correct in this case.

-- 
John Baldwin



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201206191444.35285.jhb>