FreeBSD Kernel buffer overflow
Kris Kennaway
kris at FreeBSD.org
Thu Sep 16 17:55:11 PDT 2004
On Fri, Sep 17, 2004 at 02:50:35AM +0200, gerarra at tin.it wrote:
> >A couple of points:
> >
> >1) No-one from the FreeBSD core team has participated in this
> >discussion so far.
> >
> >2) Because you initially claimed that this was a security problem, you
> >prejudiced people against you because it's quite obviously not
> >security-related, as has been discussed. If you'd initially just
> >asked for the sanity check for developers who might accidentally shoot
> >their feet off (this is what Julian suggested in response to you),
> >there would have been little controversy.
> >
> >Kris
>
> Hi Kris,
> you're quite right but: former what I mean to say is that the problem *exists*.
> Nobody can write a syscall with more than 8 arguments and this is conceptually
> wrong. In my opinion this is a mistake, no assumptions might be done on
> number of arguments (I've not seen a documentation about that somewhere
> too...). Latter, it could be a security problem. I've seen a lot of bug
> declared *not exploitable* exploitted by other coders after some times.
> Nothing is impossible. I wanted to point out that. I think this is different
> respect VFS pointers, don't you agree?
No, it's just another example of what can go wrong if you already have
root privileges or make a coding mistake.
By the way, thanks for copying my private mail to the mailing list :P
Kris
More information about the freebsd-hackers
mailing list