FreeBSD Kernel buffer overflow

Don Lewis truckman at
Fri Sep 17 23:25:54 PDT 2004

On 18 Sep, Matt Emmerton wrote:
> ----- Original Message ----- 
> From: "Mike Meyer" <mwm at>
> To: "Matt Emmerton" <matt at>
> Cc: <viro at>; "Avleen Vig"
> <lists-freebsd at>; <freebsd-hackers at>;
> <gerarra at>
> Sent: Saturday, September 18, 2004 1:22 AM
> Subject: Re: FreeBSD Kernel buffer overflow
>> In <001801c49d38$1c8cb790$1200a8c0 at>, Matt Emmerton
> <matt at> typed:
>> > I disagree.  It really comes down to how secure you want FreeBSD to be,
> and
>> > the attitude of "we don't need to protect against this case because
> anyone
>> > who does this is asking for trouble anyway" is one of the main reason
> why
>> > security holes exist in products today.  (Someone else had brought this
> up
>> > much earlier on in the thread.)
>> You haven't been paying close enough attention to the discussion. To
>> exploit this "security problem" you have to be root. If it's an
>> external attacker, you're already owned.
> I'm well aware of that fact.  That's still not a reason to protect against
> the problem.
> If your leaky bucket has 10 holes in it, would you at least try and plug
> some of them?

If an attacker is allowed to install arbitrary syscalls, he might as
well install one that is easier to exploit.

struct write2kernel_args {
        void    *ubuf;
        void    *kbuf;
        size_t  nbyte;
write2kernel(td, uap)
        struct thread *td;
        struct write2kernel_args *uap;
        copyin(uap->ubuf, uap->kbuf, nbyte);

More information about the freebsd-hackers mailing list