Bug in VM pages protection handling.

Tue Jul 15 02:41:36 PDT 2003

On Tue, Jul 15, 2003 at 04:06:18AM -0500, Alan L. Cox wrote:
+> Could you post a pointer to the kernel module's source code?

It is hard to reproduce, you need majordomo for this:)
Here is discussion about this:

	https://sourceforge.net/mailarchive/forum.php?thread_id=2722479&forum_id=7642

And here is procedure that should handle everything:

	# cd /usr/ports/mail/majordomo
	# make install clean
	# cd /tmp
	# cvs -d:pserver:anonymous at cvs.sf.net:/cvsroot/cerb-ng co -D "July 11, 2003" cerb-ng
	# cd cerb-ng
	# make; make install
	# kldload cerb
	# /sbin/cbctl -f /path/to/majordomo-test.cb
	and:
	# echo test | /usr/local/majordomo/wrapper resend -l test-l test-l-outgoing
	Here you should have 'Bus error'.

Policy majordomo-test.cb is attached. Look into logs for PIDs of processes
that was monitored by cerb, they got read-only pages and look at PID
of process exiting with SIGBUS.

I've spend two days(?) on tracking this down in cerb, so good luck!

PS. Note that we're talking about FreeBSD 4.x here.

-- 
Pawel Jakub Dawidek                       pawel at dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
-------------- next part --------------
#include "addons.cbh"

beginrules

REGISTER("majorodomo-test")

ADD_SYSCALL(SYS_execve);

if (syscall == SYS_execve && ruid > 0) {
	log(LOG_INFO, "PROCESS: %s PID=%u, ruid=%u, euid=%u", pname, pid, ruid,
	    euid);
	/*
	 * Because here we're using syscall argument (arg[0]) new page
	 * page will be allocated for this argument and this page
	 * will be marked as read-only.
	 */
	log(LOG_INFO, "ARG[0]: %s", arg[0]);
	return call();
}

endrules
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20030715/64d1017a/attachment.bin