Date: Tue, 22 Jun 2004 15:30:45 +0200
From: Marceta Milos <root@marcetam.net>
To: des@des.no
Cc: alpha@freebsd.org
Subject: Re: FreeBSD/Alpha local DoS
Message-ID: <40D83485.3000708@marcetam.net>
In-Reply-To: <002601c45856$fea84990$020110ac@mm>
> > Hi, Thank you for reply.

> The third, actually - but you should talk to alpha@freebsd.org
> instead. We do not issue security advisories for local denial of
> service vulnerabilities.

Ok. Well, I hope you don't mind if I issue it somewhere. (I would just
like to hear from Alpha developers, to know they wrote a solution for it.)

> > something like putting:
> >
> > #ifdef ALPHA
> > #define ALIGNED(x) x << 62 ? 0 : 1
> > #endif

> It's not that simple, because alignment requirements exist on other
> platforms as well, and usually vary with the type of data. Since argv
> and envv are pointers to arrays of pointers, we need to check that
> they satisfy the alignment requirements for pointers:
>
> #define PTR_ALIGNED(x) (((x) & 0x7) == 0)

I agree. Thank you for pointing this out.

> > #ifdef ALPHA
> > if (!ALIGNED(*argv) || !ALIGNED(*env))
> > return -ERROR;
> > #endif

> You need to check argv itself, not what it points to; and "return
> -ERROR" is a Linuxism. The correct incantation in FreeBSD would be
>
> if (!PTR_ALIGNED(uap->argv) || !PTR_ALIGNED(uap->envv))
> return (EFAULT);

Sorry for the Linuxism, I just didn't pay attention to it. I just wanted
to share the idea. Of course that formal incantation should be respected.
Your line looks like a possible workaround.

> which should be at the top of execve() in src/sys/kern/kern_exec.c.
> Actually, we already have an ALIGNED_POINTER() macro on Alpha, AMD64
> and IA64, but we can't use it in MI code since it doesn't exist on all
> platforms. This should be easy to fix.

Please correct me if I am wrong, but src/sys/kern/kern_exec.c is MI code.
So, putting the macro ALIGNED_POINTER or PTR_ALIGNED into execve(), in the
mentioned file, would actually be putting MD code (since it's not necessary
on all platforms) into MI code? Well, I guess it's easy to fix, but I would
just like to hear from someone from the Alpha developers, to see their
final idea, solution and patch for this.

Best regards,
Milos Marceta
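The check discussed in the thread, as an added user-space model that is not code from this message, from des, or from FreeBSD's kern_exec.c: argv and envv are modelled as the raw uintptr_t values the kernel receives in uap, and the rejection path returns EFAULT exactly as the quoted line does. It goes one step beyond the thread by deriving the alignment mask from _Alignof(void *) instead of hard-coding 0x7, which is the portable form a machine-independent file would need; the function names, the constructed argv array and the one-byte shift used to fake a misaligned caller are all assumptions of this example.

```c
/*
 * Added example, not code from the mailing-list thread or from FreeBSD.
 * Models the pointer-alignment check proposed for the top of execve().
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * The thread's macro hard-codes 0x7 (8-byte alignment), which is right for
 * Alpha, AMD64 and IA64 but not for an ILP32 platform with 4-byte pointers.
 * Deriving the mask from the pointer type keeps it correct wherever a
 * machine-independent file is compiled. (Assumption of this example.)
 */
#define PTR_ALIGN_MASK ((uintptr_t)_Alignof(void *) - 1)
#define PTR_ALIGNED(x) ((((uintptr_t)(x)) & PTR_ALIGN_MASK) == 0)

/*
 * Models the check at the top of execve(): argv and envv are the user
 * pointers themselves (not what they point to). A misaligned one is
 * rejected with EFAULT before anything dereferences it. Returns 0 on success.
 */
int check_exec_pointers(uintptr_t argv, uintptr_t envv)
{
	if (!PTR_ALIGNED(argv) || !PTR_ALIGNED(envv))
		return (EFAULT);
	return (0);
}

/*
 * Walks a NULL-terminated argv-style array only after its base pointer has
 * passed the check. Each element is a char * and is loaded with an aligned
 * access once the base is aligned; the strings themselves have alignment 1,
 * so only the array needs the pointer-alignment test.
 * Returns the element count, or -1 with *err = EFAULT if the base is bad.
 */
int count_exec_strings(uintptr_t base, int *err)
{
	const char **p;
	int n = 0;

	*err = check_exec_pointers(base, base);
	if (*err != 0)
		return (-1);
	p = (const char **)base;
	while (p[n] != NULL)
		n++;
	return (n);
}

int main(void)
{
	/* Constructed sample: a correctly aligned array, and the same
	 * address shifted by one byte, which is what a hostile caller
	 * would hand execve() to provoke the unaligned access. */
	const char *args[] = { "prog", "-v", "file", NULL };
	uintptr_t good = (uintptr_t)args;
	uintptr_t bad = good + 1;
	int err;

	printf("aligned: rc=%d, %d strings\n",
	    check_exec_pointers(good, good), count_exec_strings(good, &err));
	printf("shifted: rc=%d (EFAULT=%d), count=%d\n",
	    check_exec_pointers(bad, good), EFAULT,
	    count_exec_strings(bad, &err));
	return (0);
}
```

The two-argument shape mirrors the quoted `if (!PTR_ALIGNED(uap->argv) || !PTR_ALIGNED(uap->envv))` line; the point a reviewer would look for is that the test runs on the user-supplied address itself, before any copyin(), so the kernel never performs the unaligned load on the caller's behalf.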
Archive URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40D83485.3000708>
