Date: Mon, 05 Feb 2001 09:46:35 +0000
From: Nathan Gould <ngould@zoo.co.uk>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: Tests for NULL p_ucred under p_cred -- are they needed?
Message-ID: <3A7E767B.6AADB3B5@zoo.co.uk>
References: <Pine.NEB.3.96L.1010204190927.74962D-100000@fledge.watson.org>

Robert Watson wrote:

> I've noticed that at various points in the kernel code, there are tests to
> check that the ucred structure in a proc is non-NULL before using it.
> Under what circumstances do we believe it is possible for the ucred
> pointer to be non-NULL? It seems that, in normal usage, it should always
> be defined--the only points where it might be NULL would be during process
> creation and process exit. Are these windows long enough for it to be a
> concern? Are appropriate process locks held, under SMPng, such that it's
> never possible to grab a ucred structure for a process while it is NULL?
>
> It seems that there are other components of the code that assume that if
> (p) is non-NULL, then a ucred must be defined for the process, which seems
> like a consistent assumption assuming appropriate protections are in
> place.
>
> Robert N M Watson FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org NAI Labs, Safeport Network Services
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-arch" in the body of the message

Surely, if for no other reason, we should be checking for abnormalities
such as non-Null for security reasons i.e. security breaches tend to be
based on non-conformance to publicised identified usage.

Just a thought...

Nathan Gould
ngould@zoo.co.uk