From owner-freebsd-security  Fri Dec 28 21:59:11 2001
Delivered-To: freebsd-security@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196])
	by hub.freebsd.org (Postfix) with ESMTP
	id A5C0837B41C; Fri, 28 Dec 2001 21:59:04 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id 5A15581E0B; Fri, 28 Dec 2001 23:59:04 -0600 (CST)
Date: Fri, 28 Dec 2001 23:59:04 -0600
From: Alfred Perlstein <alfred@freebsd.org>
To: Tor.Egge@cvsup.no.freebsd.org
Cc: security@freebsd.org, alc@freebsd.org, dillon@freebsd.org
Subject: Re: (forw) Re: AIO vulnerability (from bugtraq)
Message-ID: <20011228235904.B16101@elvis.mu.org>
References: <20011210132621.E92148@elvis.mu.org> <20011211180713J.tegge@cvsup.no.freebsd.org> <20011228235711.A16101@elvis.mu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011228235711.A16101@elvis.mu.org>; from alfred@freebsd.org on Fri, Dec 28, 2001 at 11:57:11PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

* Alfred Perlstein <alfred@freebsd.org> [011228 23:57] wrote:
> * Tor.Egge@cvsup.no.freebsd.org <Tor.Egge@cvsup.no.freebsd.org> [011211 12:07] wrote:
> > > Can you look at this?
> > 
> > All pending aio requests must be drained before mapping the new
> > vmspace.  An untested suggested pach is enclosed.
> > 
> > - Tor Egge
> 
> This looks a bit early and could result in aio_proc_rundown()
> being called but returning ENOEXEC to the caller.
> 
> I think it's safe to move it down a bit as it seems the interpreter
> is responsible for only setting up the imgp such that kern_exec.c
> can finish the job.  Wouldn't you say it's probably safe to try
> this instead?

On second thought it probably has to be right before where I put
it, before the p->p_sysent->sv_fixup callback.

*sigh*

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
Tax deductable donations for FreeBSD: http://www.freebsdfoundation.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message