cvs commit: src/sys/compat/linprocfs linprocfs.c src/sys/fs/procfs procfs_status.c
Colin Percival
colin.percival at wadham.ox.ac.uk
Thu Dec 2 02:52:24 PST 2004
Pawel Jakub Dawidek wrote:
> On Wed, Dec 01, 2004 at 09:33:02PM +0000, Colin Percival wrote:
> +> Fix unvalidated pointer dereference. This is FreeBSD-SA-04:17.procfs.
>
> BTW, why don't we check the sbuf_copyin() return value here?
For the security advisory, I wanted to fix the security problem without
changing the existing behaviour. Right now, if argv is ("hello", NULL,
"world"), then /proc/curproc/cmdline will give you "hello\0\0world\0".
I have no objection to this behaviour being changed on -current, but we can't
change how the security (or arguably, the stable) branches behave now.
Colin Percival
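
A userspace model of the behaviour discussed in the message above, added here as an illustration and not the FreeBSD procfs code: when the result of a failing copy is ignored, the bad argv entry turns into an empty string, while checking it changes the output. The names `model_copyin` and `build_cmdline` are hypothetical, and a NULL pointer stands in for any pointer the copy rejects.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a copy-in that can fail: a NULL source models
 * an invalid user pointer. On failure nothing is appended. */
static int model_copyin(char *dst, size_t cap, size_t *len, const char *src)
{
    size_t n;

    if (src == NULL)
        return -1;                      /* bad pointer */
    n = strlen(src);
    if (n > cap - *len)
        return -2;                      /* no room in the output buffer */
    memcpy(dst + *len, src, n);
    *len += n;
    return 0;
}

/* Join args with NUL terminators. strict == 0 ignores a bad-pointer failure,
 * so the entry becomes an empty string; strict != 0 stops with -1 instead.
 * Returns the number of bytes written, or -1 on error. */
long build_cmdline(const char *const *args, size_t nargs, int strict,
                   char *out, size_t cap)
{
    size_t len = 0, i;

    for (i = 0; i < nargs; i++) {
        int rc = model_copyin(out, cap, &len, args[i]);

        if (rc == -2 || (rc == -1 && strict) || len >= cap)
            return -1;
        out[len++] = '\0';
    }
    return (long)len;
}

int main(void)
{
    /* Constructed sample: the argument vector quoted in the message. */
    const char *const args[] = { "hello", NULL, "world" };
    char out[32];

    printf("unchecked: %ld bytes\n", build_cmdline(args, 3, 0, out, sizeof out));
    printf("checked:   %ld\n", build_cmdline(args, 3, 1, out, sizeof out));
    return 0;
}
```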