FreeBSD Kernel buffer overflow

Don Lewis truckman at FreeBSD.org
Sat Sep 18 02:19:06 PDT 2004


On 18 Sep, Pawel Jakub Dawidek wrote:
> On Fri, Sep 17, 2004 at 12:37:12PM +0300, Giorgos Keramidas wrote:
> +> % +#ifdef INVARIANTS
> +> % +       KASSERT(0 <= narg && narg <= 8, ("invalid number of syscall args"));
> +> % +#endif
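Review bot: the `#ifdef INVARIANTS` / `#endif` around the KASSERT() is redundant, since KASSERT() already compiles to nothing unless INVARIANTS is defined; the bare KASSERT() line is enough. The literal upper bound 8 also repeats the size of the argument array in a second place, so deriving it from the array (`narg <= sizeof(args) / sizeof(args[0])`) keeps the check from silently drifting if the array is ever resized.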
> 
> Maybe:
> KASSERT(0 <= narg && narg <= sizeof(args) / sizeof(args[0]),
>     ("invalid number of syscall args"));
> 
> So if we decide to increase/decrease it someday, we don't have to remember
> about this KASSERT().

What keeps the attacker from installing two syscalls, the first of which
pokes NOPs over the KASSERT code, and the second of which accepts too
many arguments?

If you think we really need this bit of extra security, why not just
prevent the syscall with too many arguments from being registered by
syscall_register()?  At least that keeps the check out of the most
frequently executed path.
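A toy model of the alternative proposed above, added here as an example and not code from the FreeBSD tree: the argument-count bound is enforced once in the registration function, so the dispatch path can copy `sy_narg` words into a fixed array without a per-call KASSERT(). The names `toy_sysent`, `toy_syscall_register`, `toy_syscall_dispatch`, `TOY_MAXARGS` and the sample handler are hypothetical; only the 8-slot argument array mirrors the quoted patch.

```c
/* Added example (not FreeBSD code): validate a syscall's argument count
 * when it is registered, not on every dispatch. All names are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TOY_MAXARGS   8    /* slots in the per-call argument array */
#define TOY_NSYSCALLS 16   /* entries in the toy syscall table */

typedef intptr_t register_t;

struct toy_sysent {
    int sy_narg;                             /* args the handler expects */
    int (*sy_call)(const register_t *args);  /* handler, gets the copied args */
};

static struct toy_sysent toy_sysent_table[TOY_NSYSCALLS];

/* Registration-time check: a handler declaring more arguments than fit
 * in the dispatch array is refused with EINVAL, so sy_narg <= TOY_MAXARGS
 * is an invariant of every live table entry. */
int toy_syscall_register(int num, int narg, int (*handler)(const register_t *))
{
    if (num < 0 || num >= TOY_NSYSCALLS || handler == NULL)
        return EINVAL;
    if (narg < 0 || narg > TOY_MAXARGS)
        return EINVAL;
    if (toy_sysent_table[num].sy_call != NULL)
        return EEXIST;
    toy_sysent_table[num].sy_narg = narg;
    toy_sysent_table[num].sy_call = handler;
    return 0;
}

/* Dispatch hot path: copy sy_narg words out of the (simulated) trap
 * frame, which is assumed to hold at least TOY_MAXARGS words, into a
 * fixed array whose bound is tied to its declaration via sizeof. No
 * re-check of sy_narg is needed here because registration enforced it. */
int toy_syscall_dispatch(int num, const register_t frame[TOY_MAXARGS])
{
    register_t args[TOY_MAXARGS];
    const struct toy_sysent *se;

    if (num < 0 || num >= TOY_NSYSCALLS || toy_sysent_table[num].sy_call == NULL)
        return ENOSYS;
    se = &toy_sysent_table[num];
    memset(args, 0, sizeof(args));
    memcpy(args, frame, (size_t)se->sy_narg * sizeof(args[0]));
    return se->sy_call(args);
}

/* Sample handler: sums every slot, so the result shows how many words
 * dispatch actually copied (the rest are zero-filled). */
static int toy_sum_handler(const register_t *args)
{
    int sum = 0;
    for (size_t i = 0; i < TOY_MAXARGS; i++)
        sum += (int)args[i];
    return sum;
}

int main(void)
{
    /* constructed trap frame: three real args followed by junk words */
    register_t frame[TOY_MAXARGS] = { 1, 2, 3, 100, 100, 100, 100, 100 };

    if (toy_syscall_register(1, TOY_MAXARGS + 1, toy_sum_handler) != EINVAL)
        return 1;                           /* oversize handler must be refused */
    if (toy_syscall_register(1, 3, toy_sum_handler) != 0)
        return 1;
    return toy_syscall_dispatch(1, frame) == 6 ? 0 : 1;   /* only 3 words copied */
}
```

Registering a handler with nine arguments fails before it ever reaches the table, which is what keeps the "second syscall that accepts too many arguments" out of the picture without paying for a check on every trap.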
