Date: Fri, 17 Sep 2004 01:29:22 +0200
From: gerarra@tin.it
To: freebsd-hackers@freebsd.org
Subject: Re: FreeBSD Kernel buffer overflow
Message-ID: <4146316C000077FD@ims3a.cp.tin.it>

> As you point out,

Since I said it already, why repeat it? I was pointing out the problem, not a security issue. As a FreeBSD user I want the patch for this code and I think reporting the bug is useful.
It's an important part of the kernel so I didn't prepare a patch already; I would like to know how the core team will move.

> The number of arguments for a syscall is defined within the kernel and
> is not supplied from an untrusted source. This means that this is not a
> security problem.

Inside the kernel? I can define a syscall accepting 30 args and it could send the FreeBSD kernel into a panic. I think it's a problem and a patch 'must' occur.

> to load a kernel module you must be root (and not in a jail) meaning
> that if you wanted to, the quicker and easier exploit would be
> /bin/sh
>

Nice, but it doesn't solve the problem.

cheers,
rookie