FreeBSD Kernel buffer overflow
gerarra at tin.it
gerarra at tin.it
Thu Sep 16 16:29:24 PDT 2004
> As you point out,
Seen i said alredy, why repeating? I was pointing out about the problem,
not security issue.
Like FreeBSD user I want the patch for this code and I think is useful reporting
bug. It's an important part of the kernel so I didn't prepared a patch alredy,
I would like to know how core team will move.
> The number of arguments for a syscall is defined within the kernel and
> is not
> supplied from an untrusted source. This means that this is not a
> security problem.
Inside the kernel? i can define a syscall accepting 30 args and it could
send in panic freebsd kernel. I think it's a problem and a patch 'must'
occur.
> to load a kernel module you must be root (and not in a jail) meaning
> that if you
> wanted to, the quicker and easier exploit would be
> /bin/sh
>
nice but it doesn't solve the problem.
cheers,
rookie
More information about the freebsd-hackers
mailing list