Date: Sat, 18 Sep 2004 02:18:55 -0700 (PDT)
From: Don Lewis <truckman@FreeBSD.org>
To: pjd@FreeBSD.org
Cc: keramida@FreeBSD.org
Subject: Re: FreeBSD Kernel buffer overflow
Message-ID: <200409180918.i8I9ItWl001012@gw.catspoiler.org>
In-Reply-To: <20040918090227.GX30151@darkness.comp.waw.pl>
On 18 Sep, Pawel Jakub Dawidek wrote:
> On Fri, Sep 17, 2004 at 12:37:12PM +0300, Giorgos Keramidas wrote:
> +> % +#ifdef INVARIANTS
> +> % +	KASSERT(0 <= narg && narg <= 8, ("invalid number of syscall args"));
> +> % +#endif
>
> Maybe:
>
> 	KASSERT(0 <= narg && narg <= sizeof(args) / sizeof(args[0]),
> 	    ("invalid number of syscall args"));
>
> So if we decide to increase/decrease it someday, we don't have to remember
> about this KASSERT().

What keeps the attacker from installing two syscalls, the first of which
pokes NOPs over the KASSERT code, and the second of which accepts too many
arguments?

If you think we really need this bit of extra security, why not just
prevent the syscall with too many arguments from being registered by
syscall_register()?  At least that keeps the check out of the most
frequently executed path.
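Review bot: the #ifdef INVARIANTS wrapper around the KASSERT in the quoted hunk is redundant, because KASSERT already expands to nothing in a kernel built without INVARIANTS; the same fact means the narg bound is not enforced at all in a production kernel, which supports the point made in this reply that the check belongs in syscall_register(), where it runs once per registration and in every kernel configuration rather than on every syscall. If the per-call assert is kept anyway, derive the upper bound from sizeof(args) / sizeof(args[0]) as suggested instead of the literal 8, so the two cannot drift apart.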
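An added illustration of the registration-time check proposed in this reply. It is not code from the thread or from FreeBSD: the struct, table and functions (prefixed model_) are invented to show the idea, and the two registrations in model_demo() are constructed sample input. A descriptor whose argument count exceeds the dispatcher's fixed buffer is refused once, at registration, so the per-call copy never needs to rely on an assert that is compiled out in production kernels.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy model, not FreeBSD's real sysent/syscall_register(). The fixed
 * buffer MODEL_MAXARGS entries long is the one the thread's KASSERT
 * guards; the bound is derived from it in one place. */
#define MODEL_MAXARGS   8
#define MODEL_NITEMS(x) (sizeof((x)) / sizeof((x)[0]))
#define MODEL_NSYSCALLS 16

typedef uintptr_t model_reg_t;

struct model_sysent {
	int sy_narg;				/* number of arguments */
	int (*sy_call)(const model_reg_t *args);	/* handler, NULL = unused */
};

static struct model_sysent model_sysent[MODEL_NSYSCALLS];

/* Registration-time check: reject any descriptor whose sy_narg does not
 * fit the dispatcher's argument buffer. Runs once per registration, in
 * every kernel build, and keeps the check off the hot path. */
int
model_syscall_register(int code, const struct model_sysent *ent)
{
	if (code < 0 || code >= MODEL_NSYSCALLS)
		return (EINVAL);
	if (ent->sy_narg < 0 || (size_t)ent->sy_narg > MODEL_MAXARGS)
		return (EINVAL);
	model_sysent[code] = *ent;
	return (0);
}

/* Dispatch: copy exactly sy_narg arguments into a stack buffer sized
 * MODEL_MAXARGS. The bound is already guaranteed by registration; the
 * cheap recheck here is defence in depth, not the primary control.
 * Returns -1 for an unregistered code or short user argument vector. */
int
model_syscall_dispatch(int code, const model_reg_t *uargs, size_t nuargs)
{
	model_reg_t args[MODEL_MAXARGS];
	const struct model_sysent *se;

	if (code < 0 || code >= MODEL_NSYSCALLS)
		return (-1);
	se = &model_sysent[code];
	if (se->sy_call == NULL)
		return (-1);
	if ((size_t)se->sy_narg > MODEL_NITEMS(args))	/* cannot happen */
		return (-1);
	if (nuargs < (size_t)se->sy_narg)
		return (-1);
	memcpy(args, uargs, (size_t)se->sy_narg * sizeof(args[0]));
	return (se->sy_call(args));
}

/* Sample handler constructed for the demo: sums three arguments. */
static int
model_sum3(const model_reg_t *a)
{
	return ((int)(a[0] + a[1] + a[2]));
}

/* Constructed scenario: one well-formed descriptor and one that claims
 * more arguments than the dispatcher's buffer holds. Returns 6 when
 * the good syscall runs and the bad one was refused and never callable. */
int
model_demo(void)
{
	struct model_sysent ok = { 3, model_sum3 };
	struct model_sysent bad = { MODEL_MAXARGS + 1, model_sum3 };
	model_reg_t uargs[3] = { 1, 2, 3 };

	if (model_syscall_register(1, &ok) != 0)
		return (-1);
	if (model_syscall_register(2, &bad) != EINVAL)
		return (-2);
	if (model_syscall_dispatch(2, uargs, 3) != -1)	/* never registered */
		return (-3);
	return (model_syscall_dispatch(1, uargs, 3));
}
```

The point of the split is that the expensive-to-get-wrong decision (is this descriptor's argument count sane?) is made where it is cheap and always compiled in, while the per-call path only copies a count that has already been validated.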