Update for FreeBSD Security Advisory FreeBSD-SA-12:04.sysret
for 8.1
Steven Chamberlain
steven at pyro.eu.org
Tue Jun 19 18:16:05 UTC 2012
Hi,
Thanks a lot of looking into this!
On 18/06/12 22:37, Simon L. B. Nielsen wrote:
> Note that this is ONLY for FreeBSD 8.1. Other branches are OK.
Having seen the correct fix now, I'm starting to wonder if the commit to
RELENG_7_4 was really okay too?
http://svnweb.freebsd.org/base/releng/7.4/sys/amd64/amd64/trap.c?annotate=236953#l975
The inserted code does not appear at the end of the function, like it
does now in all other versions including 8.1 which is the most similar.
I expect this would at least trap if the exploit was attempted, but then
it would omit the rest of the function, including userret(); would that
have consequences?
Thanks,
Regards,
--
Steven Chamberlain
steven at pyro.eu.org
More information about the freebsd-security
mailing list