Update for FreeBSD Security Advisory FreeBSD-SA-12:04.sysret
for 8.1
Simon L. B. Nielsen
simon at FreeBSD.org
Tue Jun 19 18:44:28 UTC 2012
On 19 Jun 2012, at 19:15, Steven Chamberlain wrote:
> On 18/06/12 22:37, Simon L. B. Nielsen wrote:
>> Note that this is ONLY for FreeBSD 8.1. Other branches are OK.
>
> Having seen the correct fix now, I'm starting to wonder if the commit to
> RELENG_7_4 was really okay too?
>
> http://svnweb.freebsd.org/base/releng/7.4/sys/amd64/amd64/trap.c?annotate=236953#l975
>
> The inserted code does not appear at the end of the function, like it
> does now in all other versions including 8.1 which is the most similar.
>
> I expect this would at least trap if the exploit was attempted, but then
> it would omit the rest of the function, including userret(); would that
> have consequences?
From what our "kernel experts" (jhb/kib - sorry can't recall who checked this), it should still work fine in the location it is in for 7.4.
--
Simon L. B. Nielsen
More information about the freebsd-security
mailing list