FreeBSD Kernel buffer overflow
Don Lewis
truckman at FreeBSD.org
Fri Sep 17 23:25:54 PDT 2004
On 18 Sep, Matt Emmerton wrote:
>
> ----- Original Message -----
> From: "Mike Meyer" <mwm at mired.org>
> To: "Matt Emmerton" <matt at gsicomp.on.ca>
> Cc: <viro at parcelfarce.linux.theplanet.co.uk>; "Avleen Vig"
> <lists-freebsd at silverwraith.com>; <freebsd-hackers at freebsd.org>;
> <gerarra at tin.it>
> Sent: Saturday, September 18, 2004 1:22 AM
> Subject: Re: FreeBSD Kernel buffer overflow
>
>
>> In <001801c49d38$1c8cb790$1200a8c0 at gsicomp.on.ca>, Matt Emmerton
> <matt at gsicomp.on.ca> typed:
>> > I disagree. It really comes down to how secure you want FreeBSD to be,
> and
>> > the attitude of "we don't need to protect against this case because
> anyone
>> > who does this is asking for trouble anyway" is one of the main reason
> why
>> > security holes exist in products today. (Someone else had brought this
> up
>> > much earlier on in the thread.)
>>
>> You haven't been paying close enough attention to the discussion. To
>> exploit this "security problem" you have to be root. If it's an
>> external attacker, you're already owned.
>
> I'm well aware of that fact. That's still not a reason to protect against
> the problem.
>
> If your leaky bucket has 10 holes in it, would you at least try and plug
> some of them?
If an attacker is allowed to install arbitrary syscalls, he might as
well install one that is easier to exploit.
struct write2kernel_args {
void *ubuf;
void *kbuf;
size_t nbyte;
};
void
write2kernel(td, uap)
struct thread *td;
struct write2kernel_args *uap;
{
copyin(uap->ubuf, uap->kbuf, nbyte);
}
More information about the freebsd-hackers
mailing list