FreeBSD Kernel buffer overflow
Devon H. O'Dell
dodell at sitetronics.com
Fri Sep 17 23:04:42 PDT 2004
--------- Original Message --------
From: Matt Emmerton <matt at gsicomp.on.ca>
To: Mike Meyer <mwm at mired.org>
Cc: viro at parcelfarce.linux.theplanet.co.uk, gerarra at tin.it,
freebsd-hackers at freebsd.org
Subject: Re: FreeBSD Kernel buffer overflow
Date: 18/09/04 05:41
>
>
> ----- Original Message -----
> From: "Mike Meyer" <mwm at mired.org>
> To: "Matt Emmerton" <matt at gsicomp.on.ca>
> Cc: <viro at parcelfarce.linux.theplanet.co.uk>; "Avleen Vig"
> <lists-freebsd at silverwraith.com>;
<freebsd-hackers at freebsd.org>;
> <gerarra at tin.it>
> Sent: Saturday, September 18, 2004 1:22 AM
> Subject: Re: FreeBSD Kernel buffer overflow
>
>
> > In <001801c49d38$1c8cb790$1200a8c0 at gsicomp.on.ca>, Matt
Emmerton
> <matt at gsicomp.on.ca> typed:
> > > I disagree. It really comes down to how secure you want FreeBSD
to be,
> and
> > > the attitude of "we don't need to protect against this case
because
> anyone
> > > who does this is asking for trouble anyway" is one of the
main reason
> why
> > > security holes exist in products today. (Someone else had
brought this
> up
> > > much earlier on in the thread.)
> >
> > You haven't been paying close enough attention to the discussion. To
> > exploit this "security problem" you have to be root. If
it's an
> > external attacker, you're already owned.
>
> I'm well aware of that fact. That's still not a reason to protect against
> the problem.
>
> If your leaky bucket has 10 holes in it, would you at least try and plug
> some of them?
>
> --
> Matt Emmerton
So should we stop the command ``shutdown -h now'' from working for root?
After all, he can DoS the system with it?
How about this: let's disallow root from loading kernel modules! That way
this can't ever happen.
Even better: Why don't we just not boot into a usable environment! Then we
have NO security holes.
You guys are failing to see: ROOT HAS OMNIPOTENT POWER. SOMEBODY MUST HAVE
OMNIPOTENT POWER. THIS IS NOT A BUG. THERE IS NOTHING TO SEE HERE, MOVE ON.
Not to be sarcastic, but you guys are missing the problem. The problem was
that someone was unaware of a kernel API. When you start programming for the
kernel, you need to make sure that the code is secure. If you think this is
a problem, take a look at init(8) and learn about securelevels.
What happened: someone was unfamiliar with the syscall API. They crashed
their system. They screamed wildly, believing they'd found a buffer
overflow, when they'd merely overloaded the function stack and screwed up
the call. This caused the system to reboot. Solution: make it more clear
that syscalls take only 8 arguments. Make it clear that you can pass
arguments in a struct to a syscall. Make it clear that many/most syscalls do
this anyway. If there's beef on this, take it to doc at .
--Devon
More information about the freebsd-hackers
mailing list