Date: Sat, 24 Jun 2006 13:16:52 +0100 (BST)
From: "Dominic Marks" <dom@helenmarks.co.uk>
To: "Alexander Leidinger" <Alexander@Leidinger.net>
Cc: cvs-src@freebsd.org, src-committers@freebsd.org, secteam@freebsd.org, cvs-all@freebsd.org
Subject: Re: cvs commit: src/sys/compat/linux linux_misc.c
Message-ID: <1098.192.168.15.12.1151151412.squirrel@mail.helenmarks.co.uk>
In-Reply-To: <20060623214521.7b1441a6@Magellan.Leidinger.net>
References: <200606231849.k5NIncuF041890@repoman.freebsd.org> <20060623214521.7b1441a6@Magellan.Leidinger.net>

Alexander Leidinger wrote:
> Quoting Alexander Leidinger <netchild@FreeBSD.org> (Fri, 23 Jun 2006
> 18:49:38 +0000 (UTC)):
>
>> netchild    2006-06-23 18:49:38 UTC
>>
>>   FreeBSD src repository
>>
>>   Modified files:
>>     sys/compat/linux     linux_misc.c
>>   Log:
>>   The linux times syscall can be called with a NULL pointer, so keep cool
>>   and don't panic.
>>
>>   This fix is different from the patch submitted as it not only prevents
>>   a NULL-pointer dereference, but also skips some work in this case.
>
> I realized this may be a little bit misleading...
>
> The NULL pointer is used as the destination in a copyout. And it writes
> some kind of time values (current time). So this will overwrite parts
> at the userland address 0. This will not lead to a kernel panic, but it
> will do malicious things to the program which uses the linux times
> syscall. So this is not a DoS in any case. The problematic case is when
> a linux program uses a NULL pointer in the times syscall conditionally.
> This may render the service which uses such a linux program useless
> sometimes. For programs which use NULL there every time, this is not a
> DoS, it's just a normal bug (e.g. you can't use Oracle 10g Express)
> which prevents the use of this program.
>
> So this is not a huge security flaw, it's more a not so small
> inconvenience. Since the RELENG_x_y branches are under control of the
> secteam, I used the "Security:" mark up to encode the possible need to
> merge this (I'm assuming Oracle 10g is important enough that we want
> our users to be able to run it).
>
> For the curious people: there are two more patches needed to run Oracle
> 10g. They involve linprocfs and pseudofs. I will take care of them
> later (and if this commit is subject to a merge to RELENG_x_y, the other
> two patches should be too, but this will the powers with hats
> decide...).

We use lots of Oracle at work but currently on Windows and Solaris.
I'd be interested in testing and helping document '10g on FreeBSD'
once these patches are available / in the tree.

Thanks!
Dominic

> Bye,
> Alexander.
>
> --
> ...and that is how we know the Earth to be banana-shaped.
> http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
> http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
> _______________________________________________
> cvs-src@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/cvs-src
> To unsubscribe, send any mail to "cvs-src-unsubscribe@freebsd.org"
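
The commit log quoted in this message describes a handler that treats a NULL buffer as a legal call and skips the per-process work in that case. The following is an added userland model of that shape, not code from this thread or from the FreeBSD source; every name in it (`model_linux_times`, `model_copyout`, `model_collect`, `struct model_tms`) and every value is a constructed assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_UPTIME_TICKS 4242L   /* constructed tick count */

/* Userland stand-ins with hypothetical names; not FreeBSD kernel code. */
struct model_tms { long utime, stime, cutime, cstime; };
static int accounting_calls;       /* how often the per-process accounting ran */

/* Stands in for gathering process times (done under a process lock in a kernel). */
static void model_collect(struct model_tms *out)
{
    accounting_calls++;
    out->utime = 12; out->stime = 3; out->cutime = 0; out->cstime = 0; /* constructed */
}

/* Stands in for a successful copyout(9) to a valid user buffer. */
static int model_copyout(const void *kaddr, void *uaddr, size_t len)
{
    memcpy(uaddr, kaddr, len);
    return 0;
}

/* NULL buf is a legal call: skip accounting and copyout, still return the ticks. */
static int model_linux_times(struct model_tms *ubuf, long *retval)
{
    struct model_tms tms;
    int error;
    if (ubuf != NULL) {
        model_collect(&tms);
        error = model_copyout(&tms, ubuf, sizeof(tms));
        if (error != 0)
            return error;      /* a failed copy is reported to the caller */
    }
    *retval = MODEL_UPTIME_TICKS;
    return 0;
}

int main(void)
{
    struct model_tms buf;
    long ticks = 0;
    int error = model_linux_times(NULL, &ticks);
    printf("NULL buf: error=%d ticks=%ld accounting=%d\n", error, ticks, accounting_calls);
    error = model_linux_times(&buf, &ticks);
    printf("real buf: error=%d utime=%ld accounting=%d\n", error, buf.utime, accounting_calls);
    return 0;
}
```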