FreeBSD Kernel buffer overflow

Pawel Jakub Dawidek pjd at FreeBSD.org
Sat Sep 18 02:31:14 PDT 2004


On Sat, Sep 18, 2004 at 02:18:55AM -0700, Don Lewis wrote:
+> On 18 Sep, Pawel Jakub Dawidek wrote:
+> > On Fri, Sep 17, 2004 at 12:37:12PM +0300, Giorgos Keramidas wrote:
+> > +> % +#ifdef INVARIANTS
+> > +> % +       KASSERT(0 <= narg && narg <= 8, ("invalid number of syscall args"));
+> > +> % +#endif
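Review bot: the `#ifdef INVARIANTS` wrapper around this KASSERT() is redundant; in FreeBSD, KASSERT() already expands to nothing when the kernel is built without INVARIANTS, so the three added lines can shrink to the bare `KASSERT(...)`. The literal `8` also duplicates the size of the argument array it is guarding; tying the bound to the array (`sizeof(args) / sizeof(args[0])`) keeps the assertion and the buffer declaration from drifting apart when one of them changes.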
+> > 
+> > Maybe:
+> > KASSERT(0 <= narg && narg <= sizeof(args) / sizeof(args[0]),
+> >     ("invalid number of syscall args"));
+> > 
+> > So if we decide to increase/decrease it someday, we don't have to remember
+> > this KASSERT().
+> 
+> What keeps the attacker from installing two syscalls, the first of which
+> pokes NOPs over the KASSERT code, and the second of which accepts too
+> many arguments?

First of all, this is not protection from an attacker, but help for bad
programmers.

+> If you think we really need this bit of extra security, why not just
+> prevent the syscall with too many arguments from being registered by
+> syscall_register()?  At least that keeps the check out of the most
+> frequently executed path.

Good point, this is a much better place for it.

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd at FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
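The two placements of the bound that the thread compares, as an added example; this is not code from the thread or from the FreeBSD tree. The table layout (`sysent`, `sy_narg`), `syscall_register()`, `syscall_dispatch()`, the 8-word argument buffer and the errno values are assumptions modelled loosely on the names in the quoted patch. The dispatcher's check stands in for the KASSERT(): in a real kernel it panics under INVARIANTS and is compiled out otherwise, at which point an oversized `sy_narg` overruns `args[]`; here it returns a sentinel so the condition can be observed safely.

```c
/*
 * Added example, not code from the thread or from the FreeBSD tree.
 * A toy syscall table whose dispatcher copies sy_narg words from the trap
 * frame into a fixed array. It contrasts the argument-count check in two
 * places: per call in the dispatcher, and once in syscall_register().
 * All names and error values here are illustrative assumptions.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SYS_MAXSYSCALL 16          /* assumed table size */
#define SYSCALL_MAXARGS 8          /* assumed size of the dispatcher's arg buffer */
#define nitems(x) (sizeof((x)) / sizeof((x)[0]))

typedef int (*sy_call_t)(const uint64_t *args, int narg);

struct sysent {
    int       sy_narg;             /* argument count declared at registration */
    sy_call_t sy_call;
};

static struct sysent sysent[SYS_MAXSYSCALL];

/* Return codes: errno-like values chosen for the demo, not the kernel's. */
enum { E_OK = 0, E_EXIST = 17, E_INVAL = 22, E_NOSYS = 78, E_OVERFLOW = -1 };

/* Registration without the bound: the table accepts any sy_narg and the
 * dispatcher has to discover the problem on every call. */
int syscall_register_unchecked(int num, int narg, sy_call_t fn)
{
    if (num < 0 || num >= SYS_MAXSYSCALL || fn == NULL)
        return E_INVAL;
    if (sysent[num].sy_call != NULL)
        return E_EXIST;
    sysent[num].sy_narg = narg;
    sysent[num].sy_call = fn;
    return E_OK;
}

/* Registration with the bound checked once, off the per-call path. */
int syscall_register(int num, int narg, sy_call_t fn)
{
    if (narg < 0 || narg > SYSCALL_MAXARGS)
        return E_INVAL;
    return syscall_register_unchecked(num, narg, fn);
}

void syscall_deregister(int num)
{
    if (num >= 0 && num < SYS_MAXSYSCALL)
        memset(&sysent[num], 0, sizeof(sysent[num]));
}

/* Dispatcher. `frame` models the saved user registers/stack words. The
 * per-call check stands in for KASSERT(0 <= narg && narg <= nitems(args), ...)
 * and returns E_OVERFLOW instead of panicking or corrupting the stack. */
int syscall_dispatch(int num, const uint64_t *frame, size_t nframe)
{
    uint64_t args[SYSCALL_MAXARGS];
    const struct sysent *se;
    int narg;

    if (num < 0 || num >= SYS_MAXSYSCALL || sysent[num].sy_call == NULL)
        return E_NOSYS;
    se = &sysent[num];
    narg = se->sy_narg;
    if (narg < 0 || (size_t)narg > nitems(args) || (size_t)narg > nframe)
        return E_OVERFLOW;

    memcpy(args, frame, (size_t)narg * sizeof(args[0]));
    return se->sy_call(args, narg);
}

/* A sample handler: sums its arguments so a caller can verify the copy. */
static int sys_sum(const uint64_t *args, int narg)
{
    uint64_t acc = 0;
    for (int i = 0; i < narg; i++)
        acc += args[i];
    return (int)acc;
}

/* The same oversize registration attempted both ways, on a constructed frame. */
int demo_registration_checks(void)
{
    const uint64_t frame[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};

    syscall_deregister(5);
    if (syscall_register(5, 9, sys_sum) != E_INVAL)        /* refused up front */
        return -100;
    if (syscall_register_unchecked(5, 9, sys_sum) != E_OK) /* accepted blindly */
        return -101;
    if (syscall_dispatch(5, frame, nitems(frame)) != E_OVERFLOW)
        return -102;                                        /* caught only per call */
    syscall_deregister(5);
    if (syscall_register(5, 3, sys_sum) != E_OK)
        return -103;
    return syscall_dispatch(5, frame, nitems(frame));       /* 1 + 2 + 3 */
}
```

With the bound in `syscall_register()`, a module declaring nine arguments fails to load rather than leaving a table entry whose every invocation depends on a debug-only assertion; the dispatcher's own check can then stay as a cheap INVARIANTS-only sanity check or go away.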